API Keys

Overview

API keys allow you to access the API without session cookies. They are ideal for server-to-server communication and external service integrations.

Creating an API Key

You can create API keys from the organization settings page or via the API.

curl -X POST https://api.blueai.jp/api/v1/api-keys \
  -H "Content-Type: application/json" \
  -b cookies.txt \
  -d '{"name":"My Integration"}'

Using an API Key

Include the API key as a Bearer token in the Authorization header of your requests.

curl https://api.blueai.jp/api/v1/crm/deals \
  -H "Authorization: Bearer sk_live_xxxxxxxxxxxxxxxxxxxx"

const res = await fetch("https://api.blueai.jp/api/v1/crm/deals", {
  headers: {
    Authorization: "Bearer sk_live_xxxxxxxxxxxxxxxxxxxx",
  },
});
const data = await res.json();

Security

API keys are sensitive credentials, just like passwords. Follow these best practices.

• Never include API keys in client-side code
• Store keys in environment variables, not in source code
• Revoke unused keys immediately
• Grant minimum required permissions per key

Revoking an API Key

If an API key is compromised or no longer needed, revoke it immediately. Requests using a revoked key will be rejected instantly.

curl -X DELETE https://api.blueai.jp/api/v1/api-keys/ak_123e4567e89b12d3a456426614174000 \
  -b cookies.txt