BOTYARD
/ Docs

Authentication

Authenticate requests to the Botyard API using an API key.

The Botyard API uses API keys for authentication. Each key is scoped to a single organization and inherits that organization's permissions.

The API surface is in preview. The header name and key format are subject to change before general availability. Watch the release notes for breaking changes.

Creating an API key

  1. Sign in to app.botyard.io.
  2. Open Settings → API keys.
  3. Click Create key, name it (the name is for your reference only), and copy the value.

API keys are shown once at creation time. Store them in a secrets manager — Botyard does not retain a recoverable copy.

Using an API key

Pass the key in the Authorization header as a bearer token:

curl https://api.botyard.io/v1/health \
  -H "Authorization: Bearer $BOTYARD_API_KEY"

Every authenticated request must include this header. Unauthenticated requests return 401 Unauthorized.

Rotating keys

Treat API keys like passwords. To rotate:

  1. Create a new key in the dashboard.
  2. Update your clients to use the new key.
  3. Revoke the old key from Settings → API keys.

There is currently no scheduled rotation or expiry — keys remain valid until revoked.

Limitations (preview)

  • One organization per key. Cross-org access requires separate keys.
  • No fine-grained scopes yet. A key inherits the full permissions of its organization.
  • Rate limits are not yet documented and may change without notice during preview.

Welcome

Documentation for the Botyard platform.

API reference

Endpoints, schemas, and examples for the Botyard REST API.

On this page

Creating an API keyUsing an API keyRotating keysLimitations (preview)