Authentication

The Bundata API uses API keys for authentication. Send the key in the Authorization header. For the Platform UI, you sign in with your account; the API is for programmatic access.

API keys

1. Create a key — In the Bundata dashboard, go to Settings or API keys and create a new key. Copy it once; it may not be shown again.

2. Use in requests — Include the key in every request:

   Authorization: Bearer <your-api-key>

3. Scopes — Keys can be scoped to a workspace or to specific operations (e.g. read-only). Restrict keys to the minimum needed.

Security best practices

• Do not commit keys — Use environment variables or a secrets manager (e.g. BUNDATA_API_KEY).
• Rotate keys — Rotate keys periodically and revoke keys that may be compromised.
• Use separate keys — Use different keys for development, staging, and production.

Service accounts (enterprise)

For automation and CI/CD, use service accounts where available. Service accounts are non-human identities with their own API keys and permissions. See your plan and admin docs for setup.

Errors

• 401 Unauthorized — Missing or invalid API key. Check the header and key value.
• 403 Forbidden — Key is valid but not allowed to perform this action. Check scopes and workspace access.

Next steps

• SDK quickstart — Use the key in the SDK.
• REST API overview — All API endpoints.
• Rate limits — Request limits per key and plan.