# Authentication GraphQL API requires to be authenticated in order to process requests. In order to obtain access to API resources, an API key is required to be sent along with the appropriate GraphQL query as an HTTP header - `X-API-KEY`. {% hint style="info" %} Keys can be created in Ergonode System Settings in the API keys tab. {% endhint %} ## Mutations By default, the API key grants you access to queries, meaning you can only read data. If mutations(write) access is required you need to specify write access on key creation. ## Limiting products catalog with segments A regular API key provides you with access to the entire product catalog. It is also possible to limit that by assigning a segment while creating the key. If assigned the consumer will only have access to the products available in the specific segment. This also means that, if write access is granted, you'll be able only to modify the data of products available within the segment. The only exception from that is when the product is created in batch request with further mutations - though possibly not yet part of the segment since you are the creator of it you can modify its data within this request. {% hint style="info" %} API keys, due to security reasons, cannot be changed. If you require a different key just generate a new one in Ergonode settings. {% endhint %} {% hint style="warning" %} Segment recalculation is an asynchronous process, therefore, sending mutations in separate requests(create and then update) can fail on update - access can not yet be granted. The best approach for keys assigned to the segment is to create and update the product in [batch mutation](/graphql/guides/batching-mutations.md). {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ergonode.com/graphql/guides/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.