> ## Documentation Index
> Fetch the complete documentation index at: https://www.truefoundry.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Authenticate with the TrueFoundry AI Gateway using a TrueFoundry API key (PAT or VAT).

To access models through the AI Gateway, you authenticate with a **TrueFoundry API key** — not the original provider keys (OpenAI, Anthropic, etc.). The Gateway manages provider credentials centrally, so developers only need a single TrueFoundry token.

Pass your API key as a Bearer token in the `Authorization` header:

```
Authorization: Bearer your-truefoundry-api-key
```

Or set it as an environment variable for the OpenAI SDK:

```bash theme={"dark"}
export OPENAI_BASE_URL="https://gateway.truefoundry.ai"
export OPENAI_API_KEY="your-truefoundry-api-key"
```

## Which token type to use

A TrueFoundry API key is either a **Personal Access Token (PAT)** — tied to your user, best for local development — or a **Virtual Account token (VAT)** — tied to a non-user identity, recommended for production applications, CI/CD, and shared services.

For the comparison, creation steps, security guidance, and rotation, see [API Keys](/docs/generating-truefoundry-api-keys).

<Warning>
  Avoid using PATs in production applications. If the user who created the PAT leaves the organization, the token becomes invalid and your application will lose access.
</Warning>

## Example: Use the AI Gateway with the OpenAI SDK

```python highlight={4} lines theme={"dark"}
from openai import OpenAI

client = OpenAI(
    api_key="your-truefoundry-api-key",
    base_url="https://gateway.truefoundry.ai",
)

response = client.chat.completions.create(
    model="openai-main/gpt-4o-mini",
    messages=[{"role": "user", "content": "Hello!"}],
)
```

For SDK-specific examples (Anthropic, LangChain, and others), see [Native SDK Support](/docs/ai-gateway/native-sdk-support).

## Model access control

Access to models is managed at the provider account level. Users and virtual accounts must be granted access to a provider account before they can call its models. For details on managing permissions, see [Access Control](/docs/ai-gateway/gateway-access-control).
