Skip to main content

API keys

Every request is authenticated with a Bridgly API key. A key looks like this:
bgly_Xf8s2Kd9...q1Zn
Send it on every call as a bearer token in the Authorization header:
curl https://api.bridgly.app/reddit/get-user \
  -H "Authorization: Bearer bgly_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{ "username": "spez" }'
Calls are billed to the account the key belongs to. You can create as many keys as you like — for example, one per environment or per service — and revoke any of them without affecting the others.

Managing keys

Keys are managed from the API Keys page of your dashboard:
1

Create

Click Create key, give it an optional name, and copy the value shown.
2

Use

Add it to your app as an environment variable and send it on every request.
3

Revoke

Delete a key from the dashboard when it is no longer needed or may be compromised. Revocation takes effect within moments.
A key’s secret is shown once, at creation. We store only a hash, so we can never display it again. If you lose a key, revoke it and create a new one.

Keeping keys safe

Keep keys server-side

Never ship a key in a browser, mobile app, or public repository. Anyone with the key can spend your credits.

Use one key per service

Separate keys make it easy to rotate or revoke one without disrupting the rest of your integration.

Rotate periodically

Create a new key, switch your app over, then revoke the old one.

Revoke on exposure

If a key leaks, delete it immediately from the dashboard.

Errors

A missing, malformed, or revoked key returns 401 Unauthorized:
{
  "status": "error",
  "message": "Invalid API key"
}
If your account is out of credits, calls return 402 Payment Required. Top up from the Billing page of your dashboard. See Responses & errors for the full list of status codes.