# Authentication

All API requests must be authenticated using an API key.

## Base URL

```
https://us-central1-record-meeting-app.cloudfunctions.net/api/v1
```

## API key authentication

Include your API key in the `Authorization` header:

```
Authorization: Bearer <your_api_key>
```

To create an API key, see [User Guide → API Keys](https://support.recordmeeting.com/user-guide/api-keys).

### Example request

```bash
curl -X GET "https://us-central1-record-meeting-app.cloudfunctions.net/api/v1/recordings" \
  -H "Authorization: Bearer rm_your_api_key_here"
```

## Error responses

All errors follow this format:

```json
{
  "error": {
    "code": "ERROR_CODE",
    "message": "Human readable description"
  }
}
```

### Authentication error codes

| Code              | HTTP Status | Meaning                                                 |
| ----------------- | ----------- | ------------------------------------------------------- |
| `UNAUTHORIZED`    | 401         | Missing or malformed `Authorization` header             |
| `INVALID_API_KEY` | 401         | The key does not exist or has been revoked              |
| `API_KEY_EXPIRED` | 401         | The key has expired                                     |
| `USER_NOT_FOUND`  | 401         | The user associated with the key no longer exists       |
| `FORBIDDEN`       | 403         | Authenticated, but lacking permission for this resource |

## Common error codes

| Code                  | HTTP Status | Meaning                                              |
| --------------------- | ----------- | ---------------------------------------------------- |
| `RECORDING_NOT_FOUND` | 404         | The recording ID does not exist or is not accessible |
| `RECORDING_LOCKED`    | 403         | Feature requires a subscription upgrade              |
| `VALIDATION_ERROR`    | 400         | Invalid or missing request parameters                |
| `INTERNAL_ERROR`      | 500         | Server-side error                                    |