> ## Documentation Index
> Fetch the complete documentation index at: https://docs.praeto.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Tenants and API Keys

> Tenant scoping and authentication model.

# Tenants and API Keys

A **tenant** is the isolation boundary for Praeto Dispatcher. Every endpoint, event, delivery, attempt, usage record, and API key belongs to a tenant.

## Tenant API keys

Tenant routes use bearer token authentication:

```http theme={null}
Authorization: Bearer praeto_live_xxxxxxxxxxxxxxxxx
```

Tenant API keys should be stored server-side only. Do not expose them in browsers, mobile apps, or customer-controlled code.

## Admin API key

Admin routes use a separate admin key configured as a Cloudflare Worker secret:

```powershell theme={null}
npx wrangler secret put ADMIN_API_KEY
```

Admin routes include `POST /v1/admin/tenants`, `POST /v1/admin/api-keys`, and `POST /v1/admin/retention/run`.
