> ## Documentation Index
> Fetch the complete documentation index at: https://docs.jelou.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How the platform protects your functions with runtime tokens, how to use X-Jelou-Token, and how to make functions public.

Every deployed function is protected by default with a **runtime token**. Requests without a valid token receive `401 Unauthorized`.

## Quick start

<Steps>
  <Step title="Deploy your function">
    ```bash theme={null}
    jelou functions deploy
    # ✓ Deployed
    # ▸ URL: https://my-function.fn.jelou.ai
    # ⚠ A default runtime token was created for this function.
    #   Save it now — it will not be shown again.
    # ▸ Token    jfn_rt_abc123...
    ```

    The first deploy automatically generates a runtime token.

    <Warning>
      **Save the token immediately.** It will not be shown again. If you lose it, create a new one with `jelou tokens create`.
    </Warning>
  </Step>

  <Step title="Call with the token">
    ```bash theme={null}
    curl -X POST https://my-function.fn.jelou.ai \
      -H "Content-Type: application/json" \
      -H "X-Jelou-Token: jfn_rt_abc123..." \
      -d '{"query": "test"}'
    ```

    Successful response:

    ```json theme={null}
    { "results": [] }
    ```

    Without token or with invalid token:

    ```json theme={null}
    { "error": "Unauthorized", "message": "Missing or invalid X-Jelou-Token header" }
    ```
  </Step>
</Steps>

## How it works

1. On the first deploy, the platform generates a runtime token (prefix `jfn_rt_`)
2. Every request must include that token in the `X-Jelou-Token` header
3. If the token is valid, the request reaches your handler. Otherwise, it returns `401`

## Routes without authentication

The `/__health` and `/openapi.json` routes never require a token. Cron triggers don't either — the platform authenticates them automatically.

## Usage examples

<Tabs>
  <Tab title="curl">
    ```bash theme={null}
    curl -X POST https://my-function.fn.jelou.ai \
      -H "Content-Type: application/json" \
      -H "X-Jelou-Token: jfn_rt_abc123..." \
      -d '{"phone": "593987654321"}'
    ```
  </Tab>

  <Tab title="Node.js">
    ```javascript theme={null}
    const res = await fetch("https://my-function.fn.jelou.ai", {
      method: "POST",
      headers: {
        "Content-Type": "application/json",
        "X-Jelou-Token": process.env.JELOU_FUNCTION_TOKEN,
      },
      body: JSON.stringify({ phone: "593987654321" }),
    });
    const data = await res.json();
    ```
  </Tab>

  <Tab title="Python">
    ```python theme={null}
    import requests
    import os

    res = requests.post(
        "https://my-function.fn.jelou.ai",
        headers={
            "Content-Type": "application/json",
            "X-Jelou-Token": os.environ["JELOU_FUNCTION_TOKEN"],
        },
        json={"phone": "593987654321"},
    )
    data = res.json()
    ```
  </Tab>

  <Tab title="Brain Studio (MCP)">
    To connect your function as an external MCP server in Brain Studio:

    1. URL: `https://my-function.fn.jelou.ai/mcp`
    2. Header: `X-Jelou-Token` → `jfn_rt_abc123...`

    <Tip>
      See the [Brain Studio guide](/en/guides/functions/brain) for step-by-step instructions.
    </Tip>
  </Tab>
</Tabs>

<Warning>
  The platform does not validate anything — your code is responsible.
</Warning>