API Keys Endpoint
Manage API keys for programmatic access.
Endpoints#
| Method | Endpoint | Description |
|---|---|---|
GET | /api-keys | List API keys |
POST | /api-keys | Create an API key |
GET | /api-keys/:id | Get API key details |
PATCH | /api-keys/:id | Update an API key |
DELETE | /api-keys/:id | Revoke an API key |
API Key Object#
1{
2 "id": "key_abc123",
3 "name": "Production API Key",
4 "prefix": "bs_live_abc",
5 "scopes": ["read:projects", "write:projects", "read:usage"],
6 "lastUsedAt": "2024-01-15T10:30:00Z",
7 "expiresAt": null,
8 "createdAt": "2024-01-01T00:00:00Z"
9}Note: The full API key is only returned once when created. Store it securely.
List API Keys#
GET /api-keysExample Request#
curl https://api.bootspring.dev/v1/api-keys \
-H "Authorization: Bearer bs_xxx"Response#
1{
2 "data": [
3 {
4 "id": "key_abc123",
5 "name": "Production API Key",
6 "prefix": "bs_live_abc",
7 "scopes": ["read:projects", "write:projects"],
8 "lastUsedAt": "2024-01-15T10:30:00Z",
9 "expiresAt": null,
10 "createdAt": "2024-01-01T00:00:00Z"
11 },
12 {
13 "id": "key_def456",
14 "name": "CI/CD Key",
15 "prefix": "bs_live_def",
16 "scopes": ["read:projects"],
17 "lastUsedAt": "2024-01-14T08:00:00Z",
18 "expiresAt": "2024-06-01T00:00:00Z",
19 "createdAt": "2024-01-01T00:00:00Z"
20 }
21 ]
22}Create API Key#
POST /api-keysRequest Body#
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Key name (1-100 chars) |
scopes | array | No | Permission scopes (default: all) |
expiresInDays | integer | No | Days until expiration |
Available Scopes#
| Scope | Description |
|---|---|
read:projects | Read project data |
write:projects | Create and update projects |
delete:projects | Delete projects |
read:usage | View usage statistics |
write:usage | Track usage events |
read:subscription | View subscription details |
manage:api-keys | Create and revoke API keys |
invoke:agents | Invoke AI agents |
apply:skills | Apply skill patterns |
Example Request#
1curl -X POST https://api.bootspring.dev/v1/api-keys \
2 -H "Authorization: Bearer bs_xxx" \
3 -H "Content-Type: application/json" \
4 -d '{
5 "name": "CI/CD Pipeline Key",
6 "scopes": ["read:projects", "invoke:agents"],
7 "expiresInDays": 90
8 }'Response#
1{
2 "data": {
3 "id": "key_ghi789",
4 "name": "CI/CD Pipeline Key",
5 "key": "bs_live_ghi789xyz...",
6 "prefix": "bs_live_ghi",
7 "scopes": ["read:projects", "invoke:agents"],
8 "expiresAt": "2024-04-15T00:00:00Z",
9 "createdAt": "2024-01-15T12:00:00Z"
10 }
11}Important: The key field contains the full API key. This is the only time it will be shown. Store it securely.
Get API Key#
GET /api-keys/:idExample Request#
curl https://api.bootspring.dev/v1/api-keys/key_abc123 \
-H "Authorization: Bearer bs_xxx"Response#
Returns the API key object (without the full key).
Update API Key#
PATCH /api-keys/:idRequest Body#
| Field | Type | Description |
|---|---|---|
name | string | Key name |
scopes | array | Permission scopes |
Example Request#
1curl -X PATCH https://api.bootspring.dev/v1/api-keys/key_abc123 \
2 -H "Authorization: Bearer bs_xxx" \
3 -H "Content-Type: application/json" \
4 -d '{
5 "name": "Updated Key Name",
6 "scopes": ["read:projects", "write:projects", "invoke:agents"]
7 }'Response#
Returns the updated API key object.
Revoke API Key#
DELETE /api-keys/:idExample Request#
curl -X DELETE https://api.bootspring.dev/v1/api-keys/key_abc123 \
-H "Authorization: Bearer bs_xxx"Response#
1{
2 "data": {
3 "revoked": true,
4 "id": "key_abc123"
5 }
6}Key Prefixes#
| Prefix | Environment |
|---|---|
bs_live_ | Production keys |
bs_test_ | Test/development keys |
Test keys can only access test data and have lower rate limits.
Best Practices#
1. Use Minimal Scopes#
Only grant the scopes needed for each key:
{
"name": "Read-Only Dashboard Key",
"scopes": ["read:projects", "read:usage"]
}2. Set Expiration for Temporary Keys#
{
"name": "Contractor Access",
"scopes": ["read:projects"],
"expiresInDays": 30
}3. Rotate Keys Regularly#
Create new keys and revoke old ones periodically:
1# Create new key
2curl -X POST /api-keys -d '{"name": "Production Key v2", ...}'
3
4# Update application with new key
5
6# Revoke old key
7curl -X DELETE /api-keys/key_old4. Use Environment Variables#
# Never hardcode keys
export BOOTSPRING_API_KEY=bs_live_xxx
# Use in application
const apiKey = process.env.BOOTSPRING_API_KEY;Limits#
| Plan | Max Keys |
|---|---|
| Free | 2 |
| Pro | 10 |
| Team | 50 |
| Enterprise | Unlimited |
Errors#
| Code | Description |
|---|---|
key_not_found | API key doesn't exist |
key_limit_exceeded | Maximum keys reached |
invalid_scope | Unknown scope specified |
key_expired | API key has expired |