> ## Documentation Index
> Fetch the complete documentation index at: https://docs.scanoss.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate the SCANOSS JavaScript SDK with an API key and configure custom API endpoints.

## Default Behaviour

By default, `Scanner` connects to the SCANOSS OSS Knowledge Base API at
`https://api.osskb.org` without requiring any authentication.

## Using an API Key

When `cfg.API_KEY` is set and `cfg.API_URL` has not been explicitly configured,
the SDK automatically switches to the SCANOSS authenticated (Premium) endpoint.
Assign your key to the `API_KEY` property on a `ScannerCfg` instance:

> **Note:** Omit `cfg.API_URL` when using this configuration. If `API_URL` is
> set explicitly, it takes precedence over the automatic endpoint selection
> described below.

```typescript theme={null}
import { Scanner, ScannerCfg, ScannerEvents } from "scanoss";

const cfg = new ScannerCfg();
cfg.API_KEY = "your-api-key";

const scanner = new Scanner(cfg);

scanner.on(ScannerEvents.SCAN_DONE, (resultPath) => {
  console.log("Results written to:", resultPath);
});

scanner.scan([
  {
    fileList: ["/path/to/file.js"],
  },
]);
```

## Using a Custom API URL

To direct the SDK to a different endpoint, assign the target URL to the
`API_URL` property on a `ScannerCfg` instance:

```typescript theme={null}
import { Scanner, ScannerCfg, ScannerEvents } from "scanoss";

const cfg = new ScannerCfg();
cfg.API_URL = "https://your-custom-api-url";

const scanner = new Scanner(cfg);

scanner.on(ScannerEvents.SCAN_DONE, (resultPath) => {
  console.log("Results written to:", resultPath);
});

scanner.scan([
  {
    fileList: ["/path/to/file.js"],
  },
]);
```

## Using an API Key with a Custom URL

`API_KEY` and `API_URL` can be set together. When `API_URL` is explicitly
assigned to any value other than the default or authenticated endpoint URLs,
it takes precedence — the custom URL is always used regardless of whether an
API key is present. The API key is still sent in the request headers.

```typescript theme={null}
import { Scanner, ScannerCfg, ScannerEvents } from "scanoss";

const cfg = new ScannerCfg();
cfg.API_URL = "https://your-custom-api-url";
cfg.API_KEY = "your-api-key";

const scanner = new Scanner(cfg);

scanner.on(ScannerEvents.SCAN_DONE, (resultPath) => {
  console.log("Results written to:", resultPath);
});

scanner.scan([
  {
    fileList: ["/path/to/file.js"],
    folderRoot: "/path/to", // Optional: sets the root path used to resolve relative file paths
  },
]);
```