API Authentication

How to authenticate requests to the Boei REST API.

How to get there: Click your profile icon (top right) → API Keys.

API Keys

Boei uses bearer token authentication. Generate an API key from your account, then send it in the Authorization header of every request:

Authorization: Bearer YOUR_API_KEY

API keys are tied to your account and inherit your account's permissions. Treat them like passwords.

Creating a Key

  1. Open API Keys from the profile menu
  2. Click Create new key
  3. Give the key a descriptive name (e.g., "Zapier integration", "Reporting script")
  4. Click Create
  5. Copy the key — this is the only time it is shown in full

The list shows the key name, the first few characters, the creation date, and the last-used date. You cannot retrieve a full key after creation.

Revoking a Key

If a key is exposed or no longer needed, revoke it from the API Keys page. Revoked keys stop working immediately. Any integration using that key needs a new one.

Scoping a Key (Agency Accounts)

Agency accounts can scope a key to specific clients. The key then only sees data for those clients. This is useful when giving a client read-only API access to their own workspace.

Request Example

curl https://app.boei.help/api/v1/contacts \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"

Rate Limits

The default rate limit is 60 requests per minute per key. Exceeding the limit returns 429 Too Many Requests with a Retry-After header. Contact support if you need a higher limit.

Best Practices

  • Store keys in environment variables, never in code repositories
  • Use a separate key per integration so you can revoke one without breaking others
  • Rotate keys annually
  • Monitor the last-used column for keys you no longer need
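
The following client is an added example, not Boei's own code. It combines the header format, the 429 / Retry-After behaviour under Rate Limits, and the environment-variable advice above. The variable name BOEI_API_KEY, the 60-second fallback wait and the three-attempt limit are assumptions.

```python
import os
import time
import urllib.error
import urllib.request
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

API_URL = "https://app.boei.help/api/v1/contacts"  # endpoint from the request example

def load_key(env=os.environ, name="BOEI_API_KEY"):
    """Read the key from the environment (the variable name is an assumption)."""
    key = env.get(name, "").strip()
    if not key:
        raise RuntimeError(f"{name} is not set")
    return key

def build_request(url, key):
    """Attach the bearer token in the Authorization header of the request."""
    return urllib.request.Request(url, headers={
        "Authorization": f"Bearer {key}", "Accept": "application/json"})

def retry_after_seconds(value, default=60.0, now=None):
    """Retry-After carries either a number of seconds or an HTTP date."""
    value = (value or "").strip()
    if value.isdigit():
        return float(value)
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return default  # missing or unparseable header: assumed 60 s fallback
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return max(0.0, (when - (now or datetime.now(timezone.utc))).total_seconds())

def fetch(url, key, opener=urllib.request.urlopen, sleep=time.sleep, attempts=3):
    """GET url; on 429 wait as instructed and retry. Other errors propagate."""
    for attempt in range(attempts):
        try:
            with opener(build_request(url, key), timeout=10) as resp:
                return resp.read()
        except urllib.error.HTTPError as err:
            if err.code != 429 or attempt == attempts - 1:
                raise
            sleep(retry_after_seconds(err.headers.get("Retry-After")))

if __name__ == "__main__":
    print(fetch(API_URL, load_key()).decode())
```

The key never appears in the script or on the command line, so it stays out of the repository and out of shell history once it is set in the process environment.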