Skip to main content
Authentication in Bondio’s API happens through static API keys. Your organisation account with Bondio will have two environments — test & prod. Each environment has its own set of keys.
Security: An API key provides full access to all the data in a project. Please keep your API key secret at all times, don’t hardcode it in code repositories, and don’t share it with others.

Generating an API key

API keys can be generated from the Bondio portal by following these steps:
  1. Go to the developers section on the sidebar
  2. Click New key at the top right
  3. Carefully copy the key from the display popup
You can only ever view the full key in plain text at the time of creation. If your key gets misplaced or you couldn’t copy it, you will need to delete the existing key on the portal and generate a new one.

Using an API key

Your API key is used as a Bearer token in the Authorization header of your request, for example:
curl --request "GET" \
  --url "https://api.bondio.co/v1/plans" \
  --header "Accept: application/json" \
  --header "Authorization: Bearer ${API_KEY}"

API key error

If the API key is missing or invalid, you will receive a 401 HTTP response code. Here is a sample response:
{
  "code": "Unauthorised",
  "message": "Invalid authorization token",
  "docUrl": "https://docs.bondio.co/authentication"
}