> ## Documentation Index
> Fetch the complete documentation index at: https://docs.flowxi.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Introduction

Flowxi uses **Bearer tokens** to authenticate API requests. Tokens are issued after a successful login or registration.

**⚠️ Tokens are shown only once** at creation time. Copy and store them securely — they cannot be retrieved later.

### 🔑 How authentication works

* Pass your token in the `Authorization` header using the Bearer scheme.
* No username or password is sent on API requests.
* All requests **must** be made over HTTPS. Plain HTTP requests are rejected.
* Missing, invalid, or expired tokens return **401 Unauthorized**.

> ❗️ Tokens grant full access to the account. Never expose them publicly, in logs, or in internal tools.

### Sandbox environment

* Sandbox tokens are scoped to a single developer account.
* Sandbox tokens are isolated and never shared with other team members.
* Production and sandbox tokens are strictly separated.

### Example request

```bash theme={null}
curl --location 'https://api.flowxi.app/api/v1/auth/devices' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer <ACCESS_TOKEN>'
```
