API Keys

Organization API keys let you access the Bullseye API programmatically from your own servers, scripts, or CI/CD pipelines — without requiring a browser session.

Accessing API Keys

Navigate to Organization Settings > API Keys in the sidebar. This section is visible to organization owners.

Creating an API Key

Click Create API Key
Enter a descriptive name (e.g., "Production Server", "Staging Integration")
Select the scopes your integration requires:
- Read — View visitors, companies, lists, and analytics
- Write — Create and update lists, ICP configs, and settings
- Admin — Full access including API key management
- Agency Read / Agency Write — Available for agency accounts to manage sub-organizations
Click Create Key
Copy the key immediately from the confirmation dialog

The full key is displayed only once. If you lose it, revoke the old key and create a new one.

Using an API Key

Include the key in the X-API-Key header of your HTTP requests:

curl -X GET "https://api.app.bullseye.so/api/v1/organization/{org_id}/api-keys" \
  -H "X-API-Key: bsk_live_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4" \
  -H "Content-Type: application/json"

Viewing Keys

The API Keys page displays all keys for your organization with:

Name — The label you assigned when creating the key
Key prefix — The first characters of the key for identification (the rest is masked)
Scopes — Permissions granted to the key
Status — Active or revoked
Last used — When the key was last used to make an API request
Created — When the key was created

Revoking a Key

Click Revoke next to any active key and confirm. Revocation is immediate and permanent — any application using the key will lose access. Create a new key before revoking if you need uninterrupted access.

Rate Limits

API key requests are limited to 1,000 requests per minute per key. Rate limit information is included in response headers. See the Authentication reference for details.

Security Best Practices

Name keys descriptively so you know where each one is used
Grant only the scopes your integration needs
Set an expiration date for keys used in temporary or staging environments
Rotate keys periodically by creating a new key, updating your integration, then revoking the old one
Never commit keys to version control or expose them in client-side code

PreviousTeam Management NextIntegrations Overview

Last updated 2 months ago

Good morning

hashtagAccessing API Keys

hashtagCreating an API Key

hashtagUsing an API Key

hashtagViewing Keys

hashtagRevoking a Key

hashtagRate Limits

hashtagSecurity Best Practices