API Key Authentication

The Bullitt e-BSS API uses API key authentication to secure all endpoints and ensure that only authorized clients can access the resources. API keys provide a simple and effective way to authenticate requests to the API without the complexity of OAuth or other token-based authentication methods.

Obtaining an API Key

API keys are organization-specific and can be obtained through the following channels:

  1. Admin Dashboard: Organization administrators can generate API keys from the e-BSS Admin Portal under "API Management"
  2. Account Representative: Contact your Bullitt account representative to request a new API key

Each API key is tied to an organization and inherits the permissions of that organization within the hierarchy.

Using Your API Key

To authenticate your API requests, include your API key in the x-api-key HTTP header:

x-api-key: ak_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

API Key Security

Follow these best practices to keep your API keys secure:

  1. Never share your API key: Treat your API key like a password. Don't share it in public repositories, client-side code, or directly with end users.

  2. Store securely: Store API keys in environment variables or secure credential storage systems, not in your code.

  3. Regularly rotate keys: Periodically generate new API keys and deprecate old ones, especially when team members leave or when you suspect a key might be compromised.

  4. Monitor usage: Regularly review API key usage to detect any unusual patterns that might indicate unauthorized access.
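The header usage and the storage advice above, combined in one client helper. This is an added example, not Bullitt's own code; the environment variable name `EBSS_API_KEY`, the host `api.example.invalid`, the request path and the sample key are assumptions made for illustration.

```python
import os
import urllib.request

API_KEY_ENV = "EBSS_API_KEY"              # assumed variable name, not from the docs
BASE_URL = "https://api.example.invalid"  # placeholder host, not the real e-BSS URL


class ApiKeyError(RuntimeError):
    """Raised when no usable key is available; callers should fail closed."""


def load_api_key(environ=os.environ):
    """Read the key from the environment instead of source code."""
    key = environ.get(API_KEY_ENV, "").strip()
    if not key:
        raise ApiKeyError(f"{API_KEY_ENV} is not set")
    # Whitespace or control characters inside the value would corrupt the header.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in key):
        raise ApiKeyError(f"{API_KEY_ENV} contains invalid characters")
    return key


def redact(key):
    """Log-safe form of a key: the first 3 and last 4 characters only."""
    return "****" if len(key) <= 8 else f"{key[:3]}...{key[-4:]}"


def build_request(path, key):
    """Build a GET request carrying the key in the x-api-key header."""
    req = urllib.request.Request(BASE_URL + path, method="GET")
    # Unredirected header: urllib will not copy it onto a redirected request,
    # so the key is not sent along if the server redirects elsewhere.
    req.add_unredirected_header("x-api-key", key)
    return req


if __name__ == "__main__":
    # Constructed sample key in the ak_ format shown above; not a real credential.
    sample_env = {API_KEY_ENV: "ak_" + "0123456789abcdef" * 2}
    api_key = load_api_key(sample_env)
    request = build_request("/hypothetical/path", api_key)
    print("prepared", request.full_url, "with key", redact(api_key))
```

Log only the `redact()` form of the key, so application logs never hold a usable credential.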

API Key Permissions

API keys inherit the permissions of the organization they're tied to. This means:

  • An API key can only access resources within its organization and sub-organizations
  • Actions are limited to those permitted for the organization level
  • Note: To access higher-level organizations, you need an API key from that higher-level organization

Next Steps

Now that you understand how to authenticate with the e-BSS API, you can:

  1. Make your first API call
  2. Learn about organization hierarchies
  3. Explore device management

If you have any questions or need assistance, don't hesitate to contact our support team.