API Keys
Generating a Key
- Navigate to Integrations in the left sidebar
- Select API Keys
- Click Generate New Key
- Enter a name (e.g. "Production SIEM Integration")
- Select scopes:
read|write|alerts - Set expiry if required
- Copy the key - it is shown only once
Keys use the format: bs_live_ followed by 64 hex characters.
Using a Key
# curl
curl -H "Authorization: Bearer bs_live_your_key_here" \
https://breachspider.com/api/v1/cves
# Python
import requests
headers = {"Authorization": "Bearer bs_live_your_key_here"}
response = requests.get("https://breachspider.com/api/v1/cves", headers=headers)
// JavaScript
const response = await fetch("https://breachspider.com/api/v1/cves", {
headers: { "Authorization": "Bearer bs_live_your_key_here" }
});
Listing Keys
GET /api/v1/integrations/keys
Returns key name, prefix (first 16 characters), scopes, created date, last used date. The raw key is never returned after generation.
Revoking a Key
DELETE /api/v1/integrations/keys/{key_id}
Revocation is immediate. Any request using a revoked key returns 401 AUTH_REQUIRED.
Key Security Best Practices
- Store keys in environment variables, never in source code
- Use separate keys per integration (SIEM, webhook consumer, custom app)
- Set expiry dates on keys used by third-party services
- Rotate keys quarterly or immediately after any suspected exposure
- Monitor
last_used_atin the key list to detect unused or unexpected usage