> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bizmori.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate your BIZ MORI API requests

All API endpoints require authentication using an **API key** passed as a Bearer token.

## Getting your API key

1. Sign in to the [BIZ MORI Dashboard](https://app.bizmori.com)
2. Navigate to [**API Keys**](https://app.bizmori.com/keys)
3. Click **Issue New Key**
4. Copy and securely store the key — **it will only be shown once**

<Warning>
  Your API key grants full access to your account's API. Never expose it in client-side code, public repositories, or version control. Store it as an environment variable.
</Warning>

## Using your API key

Pass your API key in every request using the `Authorization: Bearer` header:

<CodeGroup>
  ```bash cURL theme={null}
  curl -X POST https://api.bizmori.com/api/v2/orders/anti-ai \
    -H "Authorization: Bearer YOUR_API_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"idempotencyKey": "unique-key", "files": [{"fileName": "image.jpg"}]}'
  ```

  ```javascript Node.js theme={null}
  const response = await fetch('https://api.bizmori.com/api/v2/orders/anti-ai', {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer YOUR_API_TOKEN',
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({
      idempotencyKey: 'unique-key',
      files: [{ fileName: 'image.jpg' }],
    }),
  });

  const data = await response.json();
  ```

  ```python Python theme={null}
  import requests

  response = requests.post(
      'https://api.bizmori.com/api/v2/orders/anti-ai',
      headers={
          'Authorization': 'Bearer YOUR_API_TOKEN',
      },
      json={
          'idempotencyKey': 'unique-key',
          'files': [{'fileName': 'image.jpg'}],
      },
  )
  data = response.json()
  ```

  ```php PHP theme={null}
  <?php
  $ch = curl_init('https://api.bizmori.com/api/v2/orders/anti-ai');
  curl_setopt_array($ch, [
      CURLOPT_POST           => true,
      CURLOPT_RETURNTRANSFER => true,
      CURLOPT_HTTPHEADER     => [
          'Authorization: Bearer YOUR_API_TOKEN',
          'Content-Type: application/json',
      ],
      CURLOPT_POSTFIELDS => json_encode([
          'idempotencyKey' => 'unique-key',
          'files'          => [['fileName' => 'image.jpg']],
      ]),
  ]);
  $data = json_decode(curl_exec($ch), true);
  curl_close($ch);
  ```

  ```ruby Ruby theme={null}
  require 'net/http'
  require 'json'

  uri  = URI('https://api.bizmori.com/api/v2/orders/anti-ai')
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true

  req = Net::HTTP::Post.new(uri)
  req['Authorization'] = 'Bearer YOUR_API_TOKEN'
  req['Content-Type']  = 'application/json'
  req.body = JSON.generate(
    idempotencyKey: 'unique-key',
    files: [{ fileName: 'image.jpg' }]
  )

  data = JSON.parse(http.request(req).body)
  ```

  ```go Go theme={null}
  package main

  import (
  	"bytes"
  	"encoding/json"
  	"net/http"
  )

  func main() {
  	body, _ := json.Marshal(map[string]any{
  		"idempotencyKey": "unique-key",
  		"files":          []map[string]string{{"fileName": "image.jpg"}},
  	})

  	req, _ := http.NewRequest("POST",
  		"https://api.bizmori.com/api/v2/orders/anti-ai",
  		bytes.NewBuffer(body),
  	)
  	req.Header.Set("Authorization", "Bearer YOUR_API_TOKEN")
  	req.Header.Set("Content-Type", "application/json")

  	resp, _ := http.DefaultClient.Do(req)
  	defer resp.Body.Close()
  }
  ```

  ```java Java theme={null}
  import java.net.URI;
  import java.net.http.*;

  HttpClient client = HttpClient.newHttpClient();
  HttpRequest request = HttpRequest.newBuilder()
      .uri(URI.create("https://api.bizmori.com/api/v2/orders/anti-ai"))
      .header("Authorization", "Bearer YOUR_API_TOKEN")
      .header("Content-Type", "application/json")
      .POST(HttpRequest.BodyPublishers.ofString(
          "{\"idempotencyKey\":\"unique-key\",\"files\":[{\"fileName\":\"image.jpg\"}]}"
      ))
      .build();

  HttpResponse<String> response =
      client.send(request, HttpResponse.BodyHandlers.ofString());
  ```
</CodeGroup>

## Rate limits

API requests are rate-limited per your subscription plan. When exceeded, the API returns `429 Too Many Requests` with the `RATE_LIMIT_EXCEEDED` error code.

| Plan       | Requests per minute |
| ---------- | ------------------- |
| Free       | 60                  |
| Pro        | 300                 |
| Enterprise | 1,000               |

<Tip>
  For high-throughput use cases, contact [support@bizmori.com](mailto:support@bizmori.com) to discuss Enterprise rate limits.
</Tip>

## Idempotency

All order creation endpoints accept an `idempotencyKey` field. Submitting the same key twice returns the **original order** instead of creating a duplicate — safe for network retries.

```json theme={null}
{
  "idempotencyKey": "unique-request-id-123",
  "files": [...]
}
```

Use a UUID or a deterministic key derived from your business logic (e.g., `user-{id}-batch-{timestamp}`).
