> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vh3.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Security and API keys

> Credentials, AI usage, and PII handling.

## Security and API keys

<AccordionGroup>
  <Accordion title="Which API key and credentials should I use?">
    Each company receives a company ID and a VH3 API key during onboarding. Admin users can generate and manage API keys from the VH3 Connect dashboard. The key is issued by VH3 and scopes access to your organisation.

    For intelligence endpoints, pass the API key alongside your company ID in the request body. For BigChange proxy endpoints, send it in the `X-API-Key` header. For interactive apps, users log in with email and password and all client calls use a short-lived JWT — no API key in client-side code.

    See [Authentication](/authentication) for exact request shapes and examples.
  </Accordion>

  <Accordion title="Are sentinel alerts generated by AI?">
    Sentinel detection uses structured analytics on the operational model, keeping AI cost near zero at the watch layer. When a sentinel triggers, the result can be enriched with an AI-generated narrative so downstream agents and automations have context. Connie and email enrichment use LLMs where configured.
  </Accordion>

  <Accordion title="What about PII?">
    Enrichment pipelines normalise and, where appropriate, strip PII from text destined for semantic search. Contact records in the platform may hold PII for operational matching and are accessed only through authenticated VH3 surfaces. For contractual detail on data residency and processing, ask for your data processing agreement.
  </Accordion>
</AccordionGroup>
