> ## Documentation Index
> Fetch the complete documentation index at: https://docs.qoder.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate Qoder Cloud Agents API requests with a Personal Access Token (PAT).

The Qoder Cloud Agents API uses **Personal Access Tokens (PATs)** for authentication. Every API request must include a valid PAT in the HTTP headers.

## Obtaining a PAT

1. Sign in to the [Qoder console](https://qoder.com).
2. Open **Settings → API Tokens**.
3. Click **Create token** and configure the name and scopes.
4. Copy the generated token. The full value is shown only once—store it securely.

<Note>PATs are prefixed with `pt-`, e.g. `pt-your-token-here`. Never commit tokens to source control or share them.</Note>

## Bearer header format

Pass the PAT in the `Authorization` header of every request as a bearer token:

```text theme={null}
Authorization: Bearer pt-your-token-here
```

### Full request example

```bash theme={null}
# List Agents
curl -s https://api.qoder.com/api/v1/cloud/agents \
  -H "Authorization: Bearer $QODER_PAT"
```

## Environment variable (recommended)

Store the PAT as an environment variable to avoid hard-coding:

```bash theme={null}
# Add to ~/.bashrc or ~/.zshrc
export QODER_PAT="pt-your-token-here"
```

```bash theme={null}
# Verify the configuration
curl -s https://api.qoder.com/api/v1/cloud/agents?limit=1 \
  -H "Authorization: Bearer $QODER_PAT"
```

## Security recommendations

* Use separate PATs for development, staging, and production.
* Rotate tokens regularly.
* Apply least-privilege scopes when issuing tokens.
* Revoke any leaked token immediately from the console.

## Next steps

<CardGroup cols={2}>
  <Card title="Overview" icon="rocket" href="/cloud-agents/overview">
    How Qoder Cloud Agents fits together.
  </Card>
</CardGroup>
