Get Started
Busy BeeBusy Bee

API keys

Give your own code, scripts, or systems a secure way to reach Busy Bee — start work and see what's queued.

An API key lets your own code, scripts, or other systems reach Busy Bee without a browser login. Use one to hand off work from a system you already run — kick off tasks and check what's waiting to run.

Create and manage keys

Keys are managed per organization in settings, and only owners and admins can create or revoke them. When you create a key:

  • The full key is shown once, at creation — copy it then. Busy Bee stores only a hashed version and can never show it again. Lose it, and you create a new one.
  • Each key belongs to a single organization. It can only see and act on that organization's work; it can't reach across into another org.
  • You can set an expiration date, or leave the key open-ended and revoke it when you no longer need it.

Revoking a key takes effect immediately — any system still using it starts getting rejected.

What a key can do

You attach a key to a request with either header:

Authorization: Bearer ap_live_...
X-API-Key: ap_live_...

What the key is allowed to do depends on its permissions:

  • Start work — create a task to hand a job to your team. Requires task-write access.
  • See what's queued — list the tasks waiting to run in the key's organization. Requires task-read access.

By default, a standard key is read-only — it can list pending tasks but not start them. To let a key kick off work, grant it task-write access when you create it. This keeps a reporting or monitoring key from ever changing anything.

To follow a task through to its result — live progress, output, screenshots — open it in your workspace.

Keep keys safe

  • Treat a key like a password. Store it in an environment variable or secret manager — never in source control or a shared doc.
  • Give each key the least it needs. A dashboard that only reads status doesn't need write access.
  • Use separate keys for separate systems so you can revoke one without disrupting the rest.
  • Every request a key makes is logged — endpoint, method, result, and timing — so you can review how a key is being used and spot anything unexpected.

Where it fits

  • Connect external systems with webhooks.
  • Watch and manage the tasks your keys create in your workspace.
  • Decide who runs the work with hives and playbooks.

On this page