API Authentication
Authenticate requests to the BusyBots public API using an organization-scoped API key.
The BusyBots public API is authenticated with an organization-scoped API key — no OAuth flow, no session cookies.
Generating an API key
- In the dashboard, go to Settings → Organization → Developers
- Select Create API Key
- Copy the generated key immediately — it's shown once and cannot be retrieved again
API keys are prefixed (api_...) and stored hashed — BusyBots never stores or displays the raw key after creation. If you lose a key, revoke it and create a new one.
Making an authenticated request
Pass your API key in the X-API-Key header on every request:
curl https://api.busybots.co/organization \
-H "X-API-Key: YOUR_API_KEY"A request without a valid key returns 401 Unauthorized.
Scope
API keys are scoped to a single organization. Every request authenticated with a key only returns data for that organization — there's no way to access another organization's data with a valid key, and no additional organizationId parameter is needed or accepted.
Key management
- Revoke a key immediately from Settings → Organization → Developers if it's compromised
- Keys can have an optional expiry date
- Each key's last-used timestamp is tracked, so you can spot stale or unused keys
Full API reference
The complete, auto-generated API reference (endpoints, request/response schemas, and try-it-now console) is available at the public API's Swagger UI. Find the link under Resources → API Reference in the site navigation, or from your dashboard's Developers settings page.
The public API is under active development — check the reference for the current set of available endpoints.
Troubleshooting
Getting 401 on every request. Confirm the header name is exactly X-API-Key (not Authorization: Bearer) and that the key hasn't been revoked or expired.
Key works but returns no data. Confirm you're querying the organization the key was created for — keys are not portable across organizations.