# Custom auth strategies

For auth beyond PATs, implement `AuthStrategy`:

```ts
import type { AuthStrategy } from "@renai-labs/sdk"

interface AuthStrategy {
  apply(req: { headers: Headers; url: URL }): void | Promise<void>
}

const apiKey: AuthStrategy = {
  apply: ({ headers }) => {
    headers.set("X-Api-Key", process.env.MY_KEY!)
  },
}

createRenClient({ baseUrl, auth: apiKey })
```

## Token rotation

```ts
const rotating: AuthStrategy = {
  apply: async ({ headers }) => {
    const token = await fetchFreshToken()
    headers.set("Authorization", `Bearer ${token}`)
  },
}
```

## Related

- **[Authentication](/authentication)** — PAT setup.
- **[Client](/sdk/client)** — client configuration.