Authentication

The Partner API uses API key authentication. All requests must include a valid API key in the X-Partner-API-Key header.

API Key Header

Include your API key with every request:

X-Partner-API-Key: your-api-key

Example with curl:

curl -X GET "https://api.app.bullseye.so/api/v1/partner/me" \
  -H "X-Partner-API-Key: your-api-key"

Obtaining API Keys

API keys are created through the Partner API or the partner admin dashboard. Use the API Keys endpoints to:

  • List existing API keys

  • Create new API keys (with optional scopes and expiration)

  • Revoke API keys

When you create an API key, the full key value (plainKey) is returned only once. Store it securely; it cannot be retrieved later.

Key Scopes

API keys can be created with the following scopes:

Scope    Description
read     Read-only access to partner and organization data
write    Read and write access (create, update resources)
admin    Full access including API key management and billing

Keys without explicit scopes default to full access. Use scoped keys for least-privilege access in production.

Security Best Practices

  1. Never expose keys in client-side code. API keys must only be used in server-side environments.

  2. Rotate keys periodically. Create new keys and revoke old ones on a schedule.

  3. Use scoped keys. Prefer read or write scopes when full admin access is not required.

  4. Set expiration dates. Use the expiresAt parameter when creating keys for temporary access.

  5. Monitor usage. Review API key usage and revoke compromised keys immediately.
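The practices above can be checked mechanically against a key inventory. The following is an added example, not code from the Partner API or its documentation: it flags unscoped keys, admin keys, keys that never expire or have already expired, and keys past a rotation window. The record fields id, scopes and createdAt and the 90-day window are assumptions; only expiresAt and the scope names come from this page, so map the fields to what the list endpoint actually returns.

```python
from datetime import datetime, timedelta, timezone

# Assumed rotation schedule; the page recommends rotation but names no interval.
MAX_KEY_AGE = timedelta(days=90)


def _parse(ts):
    """Parse an ISO 8601 timestamp (trailing 'Z' allowed) as an aware datetime."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def audit_key(key, now):
    """Return the list of policy findings for one key record (hypothetical shape)."""
    findings = []
    scopes = key.get("scopes") or []
    if not scopes:
        # Per the page: keys without explicit scopes default to full access.
        findings.append("no explicit scopes: defaults to full access")
    elif "admin" in scopes:
        findings.append("admin scope: confirm key management and billing access is required")
    expires = key.get("expiresAt")
    if not expires:
        findings.append("no expiresAt: key never expires")
    elif _parse(expires) <= now:
        findings.append("expired: revoke and remove from configuration")
    created = key.get("createdAt")
    if created and now - _parse(created) > MAX_KEY_AGE:
        findings.append("past rotation window: create a replacement, then revoke")
    return findings


def audit(keys, now=None):
    """Map key id -> findings for every key that has at least one finding."""
    now = now or datetime.now(timezone.utc)
    results = {k["id"]: audit_key(k, now) for k in keys}
    return {key_id: f for key_id, f in results.items() if f}


# Constructed sample records, not real API output.
SAMPLE_KEYS = [
    {"id": "key_ci", "scopes": ["read"], "createdAt": "2025-05-01T00:00:00Z", "expiresAt": "2025-07-01T00:00:00Z"},
    {"id": "key_legacy", "scopes": [], "createdAt": "2024-01-10T00:00:00Z", "expiresAt": None},
    {"id": "key_ops", "scopes": ["admin"], "createdAt": "2025-05-20T00:00:00Z", "expiresAt": "2025-05-25T00:00:00Z"},
]

if __name__ == "__main__":
    for key_id, findings in audit(SAMPLE_KEYS, datetime(2025, 6, 1, tzinfo=timezone.utc)).items():
        print(key_id, findings)
```

The inventory holds key metadata only; the plainKey value is never needed for this check and should not be stored alongside it.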

Unauthorized Responses

If the API key is missing, invalid, or revoked, the API returns:

Request:

(No X-Partner-API-Key header or invalid key)

Response: 401 Unauthorized
