API Keys
All API requests require a Bearer token in theAuthorization header.
Key Types
| Type | Prefix | Scope | Status |
|---|---|---|---|
| Project key | bzy_proj_ | Single project | Available |
| Team key | bzy_team_ | Selected team endpoints | Available |
| Personal access token | bzy_pat_ | All projects you have access to | Coming soon |
Generating a Project Key
- Go to Dashboard → Project Settings → API Key
- Click Generate API Key
- Copy the key immediately — it’s only shown once
- The key prefix (e.g.,
bzy_proj_abc1...) is stored for identification
401.
Generating a Team Key
Go to Team Settings → API Keys. Team keys are required for/api/v1/teams/{team-id}/... endpoints. Team keys are currently limited to selected team-scoped configuration surfaces such as integrations, environments/env vars, and automations. Execution, test-run, bug-report, and onboarding APIs remain project-scoped. Project keys cannot call team endpoints, and team keys cannot call project endpoints.
Rate Limiting
All endpoints are rate-limited per API key. Current limits:- 60 requests per minute per key
| Header | Description |
|---|---|
X-RateLimit-Limit | Maximum requests per window |
X-RateLimit-Remaining | Requests remaining in current window |
X-RateLimit-Reset | Unix timestamp when the window resets |
429 Too Many Requests.
Error Responses
All errors follow a consistent format:Error Codes
| Status | Code | Description |
|---|---|---|
| 400 | VALIDATION_ERROR | Invalid request body or parameters |
| 401 | UNAUTHORIZED | Missing or invalid API key |
| 404 | NOT_FOUND | Resource not found (or not accessible) |
| 429 | RATE_LIMITED | Rate limit exceeded |
| 500 | INTERNAL_ERROR | Internal server error |
404 is returned for both non-existent resources and resources the API key doesn’t have access to (to avoid leaking existence).