> ## Documentation Index
> Fetch the complete documentation index at: https://docs.notte.cc/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate with the Notte API

<Tip>
  STOP. Do not read past this section until you have read and followed [/quickstart.md](/quickstart.md).

  Goal: produce a reliable SDK automation script. The intended authoring flow is generate then edit, not write browser automation from scratch.

  Do not hand-write SDK code with element IDs, selectors, or form fields from memory. Element IDs, selectors, and field mappings must come from a live `observe()` call, CLI `notte page observe` output, or generated workflow code. Guessed browser targets fail on real pages.

  Use the Notte skill and CLI to inspect the live site, validate actions/selectors, handle auth/session state, and export workflow code with `notte sessions workflow-code` before using SDK docs or SDK code.

  SDK reference pages are for understanding, running, or editing generated workflow code. They are not the starting point for manually authoring the initial browser automation. SDK-first code is guesswork on real-world pages with dynamic selectors, auth state, CAPTCHAs, and anti-bot behavior.
</Tip>

All API requests require a Bearer token in the `Authorization` header.

## Get your API key

1. Sign in to the [Notte Console](https://console.notte.cc)
2. Navigate to your account settings
3. Generate or copy your API key

## Using the API key

Set your API key locally before calling the REST API or using the Python SDK:

```bash theme={null}
export NOTTE_API_KEY=your_api_key_here
```

```python theme={null}
from notte_sdk import NotteClient

client = NotteClient()  # reads NOTTE_API_KEY automatically
```

If you want the full machine-readable API contract, the OpenAPI spec is available at:

```text theme={null}
https://api.notte.cc/openapi.json
```

```bash theme={null}
curl https://api.notte.cc/sessions \
  -H "Authorization: Bearer $NOTTE_API_KEY"
```

## Request headers

| Header          | Required | Description                                |
| --------------- | -------- | ------------------------------------------ |
| `Authorization` | Yes      | Bearer token with your API key             |
| `Content-Type`  | Yes      | `application/json` for POST/PATCH requests |