Authentication#

API key authentication

Brandwave API keys authenticate server-side integrations, automation, and AI tools. Create and manage keys from your organization settings.

Include your API key in the Authorization header of every request.

Getting your API key#

API keys are managed in your organisation settings. Each key is scoped to a single organisation and inherits the permissions of the user who created it.

Sign in to your Brandwave dashboard
Navigate to Organisation Settings
Select the API Keys tab
Click Create API Key and give it a descriptive name

Keep your key secret

API keys grant full access to your organisation's data. Never commit them to version control, expose them in client-side code, or share them publicly.

Using your API key#

Pass your API key as a Bearer token in the Authorization header.

bash

curl https://api.gobrandwave.com/v1/activities \
  -H "Authorization: Bearer bw_live_abc123def456"

SDK authentication#

If you use the TypeScript SDK, pass the key when creating the client. The SDK handles the header automatically.

typescript

import { createBrandwave } from '@brandwave/ts';

const bw = createBrandwave({
  apiKey: process.env.BRANDWAVE_API_KEY,
});

Error responses#

Authentication errors return a 401 Unauthorized status with a JSON error body.

json

{
  "error": "unauthorized",
  "message": "Invalid or expired API key."
}

Common causes#

Missing Authorization header
Incorrect key format (must start with bw_live_)
Revoked or expired API key
Key does not belong to the requested organisation