API keys#
Create and manage API keys for server-side integrations.
Create API key#
Create a new API key that can expire. The secret is only returned once.
typescript
const { data } = await bw.personalAccessTokens.create({
name: 'My Campaign',
});Parameters#
| Name | Type | Required | Description |
|---|---|---|---|
| name | string | Required | Display name for this token. |
| expiresAt | string (ISO 8601) | null | — | When this token should expire. |
Response#
Returns { data } with the result.
Store the key securely
The API key secret is only returned in the creation response. It cannot be retrieved again. Store it securely.
List API keys#
List API keys for the authenticated user.
typescript
const { items, totalCount, facets } = await bw.personalAccessTokens.list();Response#
Returns { items, totalCount, facets } with paginated results.
Revoke API key#
Revoke an API key, immediately invalidating it.
typescript
const { data } = await bw.personalAccessTokens.revoke({
id: 'abc-123',
});Parameters#
| Name | Type | Required | Description |
|---|---|---|---|
| id | string (UUID) | Required | Token identifier to revoke. |
Response#
Returns { data } with the result.
Immediate invalidation
Revoking an API key immediately invalidates it. Any integrations using this key will stop working. This action cannot be undone.
Rotate API key#
Rotate an API key by revoking the old key and creating a new one.
typescript
const { data } = await bw.personalAccessTokens.rotate({
id: 'abc-123',
});Parameters#
| Name | Type | Required | Description |
|---|---|---|---|
| id | string (UUID) | Required | Token identifier to rotate (revokes old, creates new). |
Response#
Returns { data } with the result.