Authentication
How to authenticate with the BSBsec API.
All API requests must include a valid API key in the Authorization header.
API key
Use Bearer token authentication:
Authorization: Bearer YOUR_API_KEY
Scopes
API keys can be restricted by scope. Common scopes:
| Scope       | Description                 |
| ----------- | --------------------------- |
| audit:read  | Read audit reports          |
| audit:write | Submit contracts for audit  |
| alerts:read | Read security alerts        |
| admin       | Full access (use with care) |
Best practices
- Rotate keys periodically
- Use separate keys for development and production
- Never expose keys in client-side code or public repos
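The following is an added example, not BSBsec's own code, showing one way to apply the practices above on the server side: a per-environment key read from the process environment, a Bearer header built only for HTTPS URLs, and a check of a key's scopes against what a job needs. The environment variable names, the HTTPS requirement and the locally recorded scope list for each key are assumptions.

```python
import os
import urllib.request
from urllib.parse import urlsplit

# Scopes from the table above; "admin" is full access, so it implies the rest.
KNOWN_SCOPES = {"audit:read", "audit:write", "alerts:read", "admin"}

# Assumption: hypothetical variable names, one per environment, so that
# development and production never share a key.
KEY_ENV_VARS = {"development": "BSBSEC_API_KEY_DEV",
                "production": "BSBSEC_API_KEY_PROD"}


def load_api_key(environment, environ=os.environ):
    """Return the key for one environment, with no fallback to another."""
    var = KEY_ENV_VARS[environment]
    key = environ.get(var, "")
    if not key or key == "YOUR_API_KEY":
        raise RuntimeError(f"{var} is not set to a real API key")
    # Whitespace or control characters would corrupt the header line.
    if any(c.isspace() or not c.isprintable() for c in key):
        raise ValueError(f"{var} contains whitespace or control characters")
    return key


def build_request(url, api_key):
    """Build (not send) a request carrying the Bearer header."""
    # Assumption: the API is reached over HTTPS; never send a key in cleartext.
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to put an API key on a non-HTTPS request")
    return urllib.request.Request(
        url, headers={"Authorization": f"Bearer {api_key}"})


def excess_scopes(granted, required):
    """Scopes a key holds beyond what a job needs; raises if it lacks any."""
    granted, required = set(granted), set(required)
    unknown = (granted | required) - KNOWN_SCOPES
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    if "admin" not in granted and not required <= granted:
        raise PermissionError(f"missing scopes: {sorted(required - granted)}")
    return sorted(granted - required)
```

A non-empty result from `excess_scopes` means the key is broader than the job requires and a narrower key should be issued for it.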