# API Key Authentication Template
# Simplest authentication method for server-to-server communication

## Environment Setup
A2A_API_KEY=your_api_key_here

## Python Example
```python
from a2a_protocol import A2AClient
import os

client = A2AClient(api_key=os.getenv("A2A_API_KEY"))
```

## TypeScript Example
```typescript
import { A2AClient } from '@a2a/protocol';

const client = new A2AClient({
    apiKey: process.env.A2A_API_KEY
});
```

## Java Example
```java
A2AClient client = A2AClient.builder()
    .apiKey(System.getenv("A2A_API_KEY"))
    .build();
```

## C# Example
```csharp
var client = new A2AClient(new A2AClientOptions
{
    ApiKey = Environment.GetEnvironmentVariable("A2A_API_KEY")
});
```

## Go Example
```go
client, err := a2a.NewClient(&a2a.ClientOptions{
    APIKey: os.Getenv("A2A_API_KEY"),
})
```

## Best Practices
1. Never hardcode API keys in code
2. Use environment variables or secret management
3. Rotate keys regularly (e.g., every 90 days)
4. Use different keys for different environments
5. Monitor key usage for anomalies
6. Implement key expiration where possible
7. Revoke compromised keys immediately

## Security Checklist
- [ ] API key stored in environment variable
- [ ] .env file in .gitignore
- [ ] Different keys for dev/staging/prod
- [ ] Key rotation schedule defined
- [ ] Monitoring/alerting configured
- [ ] Key permissions minimized (least privilege)
