Bootspring
HomeGet Started

API Key Management

Generate, manage, and secure your Bootspring API keys.

Overview#

API keys authenticate your applications and CLI with Bootspring:

  • Personal keys - For individual use across projects
  • Project keys - Scoped to a specific project
  • CI/CD keys - For automated pipelines

Key List#

The API Keys page displays all your keys:

┌─────────────────────────────────────────────────────────────────────┐ │ API Keys [+ New Key] │ ├─────────────────────────────────────────────────────────────────────┤ │ │ │ ┌──────────────────────────────────────────────────────────────┐ │ │ │ Production Key [Revoke] │ │ │ │ bs_live_abc... Created: Jan 1, 2024 │ │ │ │ Scopes: read:projects, write:projects, invoke:agents │ │ │ │ Last used: 2 minutes ago Usage: 3,420 calls │ │ │ └──────────────────────────────────────────────────────────────┘ │ │ │ │ ┌──────────────────────────────────────────────────────────────┐ │ │ │ CI/CD Pipeline [Revoke] │ │ │ │ bs_live_def... Created: Jan 5, 2024 │ │ │ │ Scopes: read:projects, invoke:agents │ │ │ │ Last used: 1 hour ago Expires: Apr 5, 2024 │ │ │ └──────────────────────────────────────────────────────────────┘ │ │ │ │ ┌──────────────────────────────────────────────────────────────┐ │ │ │ Development (TEST) [Revoke] │ │ │ │ bs_test_xyz... Created: Jan 10, 2024 │ │ │ │ Scopes: all Environment: Test │ │ │ └──────────────────────────────────────────────────────────────┘ │ │ │ └─────────────────────────────────────────────────────────────────────┘

Creating a Key#

From Dashboard#

  1. Click New Key
  2. Configure key settings:
    • Name - Descriptive name
    • Environment - Production or Test
    • Scopes - Permission scopes
    • Expiration - Optional expiry date
    • Project - Restrict to project (optional)
  3. Click Create Key
  4. Copy the key immediately - It won't be shown again

Key Creation Dialog#

┌─────────────────────────────────────────────────────────────────────┐ │ Create API Key [×] │ ├─────────────────────────────────────────────────────────────────────┤ │ │ │ Name │ │ ┌─────────────────────────────────────────────────────────────┐ │ │ │ CI/CD Pipeline Key │ │ │ └─────────────────────────────────────────────────────────────┘ │ │ │ │ Environment │ │ (•) Production (bs_live_) ( ) Test (bs_test_) │ │ │ │ Scopes │ │ [x] read:projects [x] invoke:agents │ │ [ ] write:projects [ ] apply:skills │ │ [ ] delete:projects [ ] read:usage │ │ [ ] manage:api-keys │ │ │ │ Expiration (optional) │ │ ┌─────────────────────────────────────────────────────────────┐ │ │ │ 90 days [▼] │ │ │ └─────────────────────────────────────────────────────────────┘ │ │ │ │ Project Restriction (optional) │ │ ┌─────────────────────────────────────────────────────────────┐ │ │ │ All projects [▼] │ │ │ └─────────────────────────────────────────────────────────────┘ │ │ │ │ [Cancel] [Create Key] │ │ │ └─────────────────────────────────────────────────────────────────────┘

Key Prefixes#

PrefixEnvironmentDescription
bs_live_ProductionFull access, rate limits apply
bs_test_TestTest data only, relaxed limits

Available Scopes#

ScopeDescription
read:projectsRead project data
write:projectsCreate and update projects
delete:projectsDelete projects
invoke:agentsInvoke AI agents
apply:skillsApply skill patterns
read:usageView usage statistics
write:usageTrack custom events
read:subscriptionView subscription details
manage:api-keysCreate and revoke keys

Key Details#

Click a key to view details:

Overview#

  • Creation date
  • Last used timestamp
  • Total API calls
  • Expiration status

Usage Breakdown#

  • Calls by endpoint
  • Calls by project
  • Calls over time

Activity Log#

Recent API calls made with this key.

Key Actions#

Revoke Key#

Revoking a key:

  1. Click Revoke on the key
  2. Confirm the action
  3. Key is immediately invalidated

Warning: Revoking a key cannot be undone.

Rotate Key#

To rotate a key without downtime:

  1. Create a new key with same permissions
  2. Update your application with new key
  3. Verify new key works
  4. Revoke old key

Edit Key#

You can update:

  • Key name
  • Scopes (can only restrict, not expand)

You cannot update:

  • Environment (production/test)
  • Project restriction

Using API Keys#

Environment Variable#

export BOOTSPRING_API_KEY=bs_live_xxx

In Code#

import { Bootspring } from '@bootspring/sdk'; const bs = new Bootspring({ apiKey: process.env.BOOTSPRING_API_KEY, });

In Headers#

curl -H "Authorization: Bearer bs_live_xxx" \ https://api.bootspring.dev/v1/projects

Security Best Practices#

1. Use Minimal Scopes#

Only grant permissions the key actually needs:

# For read-only dashboard Scopes: read:projects, read:usage # For CI/CD Scopes: read:projects, invoke:agents

2. Set Expiration#

For temporary access:

  • Contractor keys: 30 days
  • CI/CD: 90 days
  • Personal: Consider rotation every 6 months

3. Use Environment Variables#

Never hardcode keys:

// Good const apiKey = process.env.BOOTSPRING_API_KEY; // Bad const apiKey = 'bs_live_xxx...';

4. Separate Test and Production#

Use test keys for development:

# Development export BOOTSPRING_API_KEY=bs_test_xxx # Production export BOOTSPRING_API_KEY=bs_live_xxx

5. Monitor Key Usage#

Check usage regularly for anomalies.

Key Limits#

PlanMax Keys
Free2
Pro10
Team50
EnterpriseUnlimited

CLI Commands#

1# List keys 2bootspring auth keys list 3 4# Create key 5bootspring auth keys create "New Key" --scopes read:projects,invoke:agents 6 7# Revoke key 8bootspring auth keys revoke key_abc123

API Integration#

See API Keys Endpoint for full API reference.

Related#