Bootspring
HomeGet Started

API Key Management

Generate, manage, and secure your Bootspring API keys.

Overview

API keys authenticate your applications and CLI with Bootspring:

  • Personal keys - For individual use across projects
  • Project keys - Scoped to a specific project
  • CI/CD keys - For automated pipelines

Key List

The API Keys page displays all your keys:

┌─────────────────────────────────────────────────────────────────────┐ │ API Keys [+ New Key] │ ├─────────────────────────────────────────────────────────────────────┤ │ │ │ ┌──────────────────────────────────────────────────────────────┐ │ │ │ Production Key [Revoke] │ │ │ │ bs_live_abc... Created: Jan 1, 2024 │ │ │ │ Scopes: read:projects, write:projects, invoke:agents │ │ │ │ Last used: 2 minutes ago Usage: 3,420 calls │ │ │ └──────────────────────────────────────────────────────────────┘ │ │ │ │ ┌──────────────────────────────────────────────────────────────┐ │ │ │ CI/CD Pipeline [Revoke] │ │ │ │ bs_live_def... Created: Jan 5, 2024 │ │ │ │ Scopes: read:projects, invoke:agents │ │ │ │ Last used: 1 hour ago Expires: Apr 5, 2024 │ │ │ └──────────────────────────────────────────────────────────────┘ │ │ │ │ ┌──────────────────────────────────────────────────────────────┐ │ │ │ Development (TEST) [Revoke] │ │ │ │ bs_test_xyz... Created: Jan 10, 2024 │ │ │ │ Scopes: all Environment: Test │ │ │ └──────────────────────────────────────────────────────────────┘ │ │ │ └─────────────────────────────────────────────────────────────────────┘

Creating a Key

From Dashboard

  1. Click New Key
  2. Configure key settings:
    • Name - Descriptive name
    • Environment - Production or Test
    • Scopes - Permission scopes
    • Expiration - Optional expiry date
    • Project - Restrict to project (optional)
  3. Click Create Key
  4. Copy the key immediately - It won't be shown again

Key Creation Dialog

┌─────────────────────────────────────────────────────────────────────┐ │ Create API Key [×] │ ├─────────────────────────────────────────────────────────────────────┤ │ │ │ Name │ │ ┌─────────────────────────────────────────────────────────────┐ │ │ │ CI/CD Pipeline Key │ │ │ └─────────────────────────────────────────────────────────────┘ │ │ │ │ Environment │ │ (•) Production (bs_live_) ( ) Test (bs_test_) │ │ │ │ Scopes │ │ [x] read:projects [x] invoke:agents │ │ [ ] write:projects [ ] apply:skills │ │ [ ] delete:projects [ ] read:usage │ │ [ ] manage:api-keys │ │ │ │ Expiration (optional) │ │ ┌─────────────────────────────────────────────────────────────┐ │ │ │ 90 days [▼] │ │ │ └─────────────────────────────────────────────────────────────┘ │ │ │ │ Project Restriction (optional) │ │ ┌─────────────────────────────────────────────────────────────┐ │ │ │ All projects [▼] │ │ │ └─────────────────────────────────────────────────────────────┘ │ │ │ │ [Cancel] [Create Key] │ │ │ └─────────────────────────────────────────────────────────────────────┘

Key Prefixes

PrefixEnvironmentDescription
bs_live_ProductionFull access, rate limits apply
bs_test_TestTest data only, relaxed limits

Available Scopes

ScopeDescription
read:projectsRead project data
write:projectsCreate and update projects
delete:projectsDelete projects
invoke:agentsInvoke AI agents
apply:skillsApply skill patterns
read:usageView usage statistics
write:usageTrack custom events
read:subscriptionView subscription details
manage:api-keysCreate and revoke keys

Key Details

Click a key to view details:

Overview

  • Creation date
  • Last used timestamp
  • Total API calls
  • Expiration status

Usage Breakdown

  • Calls by endpoint
  • Calls by project
  • Calls over time

Activity Log

Recent API calls made with this key.

Key Actions

Revoke Key

Revoking a key:

  1. Click Revoke on the key
  2. Confirm the action
  3. Key is immediately invalidated

Warning: Revoking a key cannot be undone.

Rotate Key

To rotate a key without downtime:

  1. Create a new key with same permissions
  2. Update your application with new key
  3. Verify new key works
  4. Revoke old key

Edit Key

You can update:

  • Key name
  • Scopes (can only restrict, not expand)

You cannot update:

  • Environment (production/test)
  • Project restriction

Using API Keys

Environment Variable

Loading code block...

In Code

Loading code block...

In Headers

Loading code block...

Security Best Practices

1. Use Minimal Scopes

Only grant permissions the key actually needs:

# For read-only dashboard Scopes: read:projects, read:usage # For CI/CD Scopes: read:projects, invoke:agents

2. Set Expiration

For temporary access:

  • Contractor keys: 30 days
  • CI/CD: 90 days
  • Personal: Consider rotation every 6 months

3. Use Environment Variables

Never hardcode keys:

Loading code block...

4. Separate Test and Production

Use test keys for development:

Loading code block...

5. Monitor Key Usage

Check usage regularly for anomalies.

Key Limits

PlanMax Keys
Free2
Pro10
Team50
EnterpriseUnlimited

CLI Commands

Loading code block...

API Integration

See API Keys Endpoint for full API reference.

Related