> ## Documentation Index
> Fetch the complete documentation index at: https://docs.radion.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate RPC requests with a paid Radion API key.

RPC uses the same API keys as the REST API. Send your key in the `X-API-Key` header on every request.

```bash title="Authenticated RPC request" theme={null}
curl "https://rpc.radion.app" \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"eth_blockNumber","params":[]}'
```

Use the key value as it is. Do not put `Bearer` in front of it.

## Paid plans only

RPC needs a **paid** plan: `starter`, `pro`, or `enterprise`. A valid key on the **free** plan is rejected.

You can check the plan on a key with `GET /auth/me` on the REST API. See [REST Authentication](/api/authentication).

## What errors mean

| Case                                  | Response           |
| ------------------------------------- | ------------------ |
| You sent no key                       | `401 Unauthorized` |
| The key is wrong or turned off        | `401 Unauthorized` |
| The key is valid but on the free plan | `403 Forbidden`    |

Errors come back as JSON-RPC error objects.

```json title="Free plan rejected" theme={null}
{
  "jsonrpc": "2.0",
  "id": 1,
  "error": { "code": -32000, "message": "RPC requires a paid plan" }
}
```

## Good habits

* Keep secret keys (`sk_...`) on your server, never in a browser.
* Use a different key for each app or environment when you can.
* Make a new key if you think an old one leaked.
