Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.bytestack.com/llms.txt

Use this file to discover all available pages before exploring further.

API keys are the primary way to authenticate requests to the ByteStack API. Each key is a bearer token that identifies your account and determines what actions the caller is permitted to perform. You can create as many keys as you need — one per service, environment, or team member — and revoke them individually without affecting the rest.

Create an API key

1

Open API key settings

In the ByteStack dashboard, go to Settings → API Keys and click New Key.
2

Name your key

Give the key a descriptive name that identifies where it will be used — for example, production-backend or ci-pipeline. You cannot rename a key after creation.
3

Choose a scope

Select the minimum scope your integration needs. See key scopes below.
4

Copy the key

The full key value is shown once, immediately after creation. Copy it now and store it securely. ByteStack does not display the full key again after you leave this screen.

Key scopes

Every API key is assigned one of three scopes. Choose the narrowest scope that covers what your integration needs.

read

Query results, storage objects, and job status. Use for dashboards, reporting pipelines, and read-only integrations.

write

Everything in read, plus creating queries and jobs. Use for backend services that submit queries on behalf of users.

admin

Full access, including webhook configuration and API key management. Use only for account-level automation or infrastructure tooling.

Use a key in a request

Include your API key in the Authorization header of every request as a bearer token. 
curl --request POST \
  --url https://api.bytestack.dev/v1/queries \
  --header "Authorization: Bearer YOUR_API_KEY" \
  --header "Content-Type: application/json" \
  --data '{"prompt": "What is the sentiment around our brand on X this week?"}'

Best practices

  • Use environment variables — store your API key in an environment variable (for example, BITKIT_API_KEY) and read it at runtime. Never hardcode keys in source files.
  • Never commit keys to source control — add .env and any secrets files to .gitignore. Use a secrets manager for production deployments.
  • Use the minimum required scope — a reporting dashboard only needs read; a backend service that submits queries needs write. Reserve admin for infrastructure tooling only.
  • Create one key per service — using separate keys for each service or environment makes it easy to rotate or revoke access for a single integration without disrupting others.

Rotate a key

Key rotation is a two-step process that lets you transition without downtime:
1

Create a new key

Go to Settings → API Keys → New Key. Give it the same scope as the key you are replacing and copy the new value.
2

Update your integration

Replace the old key value with the new key in your environment variables, secrets manager, or deployment configuration. Deploy the change and verify that your integration is working correctly with the new key.
3

Delete the old key

Once you have confirmed that the new key is active and your integration is healthy, go to Settings → API Keys, click the old key, and select Revoke. The old key is immediately invalidated.

Revoke a key

To revoke a key, go to Settings → API Keys, click the key you want to remove, and select Revoke. Revocation takes effect immediately.
Revoking a key is immediate and irreversible. Any in-flight requests using the revoked key will fail, and the key cannot be restored. Make sure you have switched all dependent services to a new key before revoking.
If you suspect an API key has been compromised, revoke it immediately and create a replacement. Then audit the affected services to confirm no unauthorized requests were made. Contact legal@bytestack.dev if you believe your account was accessed without authorization.