# Authentication

Use bearer API keys created from a signed-in Restory account. API key access is included on Pro, Pro Yearly, Ultra, and Ultra Yearly.

## Fast links

- Web page: https://www.restory.pics/agent/docs/authentication
- Markdown: https://www.restory.pics/api/agent/docs/markdown/authentication
- Capabilities JSON: https://www.restory.pics/api/agent/capabilities
- OpenAPI JSON: https://www.restory.pics/api/agent/openapi
- API keys: https://www.restory.pics/agent

## API keys

Restory API keys use the `rst_` prefix and are passed with the standard bearer header.

```http
Authorization: Bearer rst_...
```

## Plan access

API key creation and API-key authenticated workflows require AI Agent API Access, included with Pro, Pro Yearly, Ultra, and Ultra Yearly plans. Free trial and Starter accounts can view public discovery, but cannot create or use API keys.

## Key storage

Restory shows the key secret once. The database stores only a peppered SHA-256 hash, so users must copy the key when it is created.

## Revocation

Users can revoke keys from `/agent`. Revoked keys stop working immediately and existing keys are blocked automatically if the account no longer has Pro or Ultra API access.