API keys

Create scoped keys from your BoringKit account.

API keys are generated from Account and authorize API requests according to scope. A key does not turn browser-local tools into server-side jobs.

Generate a key

Open Account, go to API keys, choose a name and scopes, then generate the key. The raw key is displayed once. BoringKit stores only a non-recoverable verifier and shows the prefix later.

Open API key settings

Recommended scopes

tools:read

List tools and read tool contracts.

jobs:write

Create jobs and cancel queued work.

jobs:read

Poll job state and read output metadata.

files:write

Use upload and download intents for job files.

ai:write

Run Pro, Business, or Custom AI enhancement requests.

webhooks:write

Manage webhook endpoints when available for your plan.

billing:read

Read plan and credit information for operational dashboards.

Use a key

Example

Authorization: Bearer bk_live_xxxxxxxxxxxxxxxxxxxxx

Operational guidance

Create separate keys for production, CI, local testing, and vendor integrations.
Store keys only in server-side secret storage or CI secret stores.
Rotate by creating a replacement key, deploying it, then revoking the old key from Account.
Use /tools before automation so unsupported tools fail in planning, not after upload.

Pages

Tool Kits

Account

Create scoped keys from your BoringKit account.

Generate a key

Recommended scopes

Use a key

Operational guidance