API key format
Keys look likebd_live_…. Treat them as secrets.
How to send the key
Send the key in thex-api-key header on every request:
Authorization header for Botdog API keys; the API is documented and tested with x-api-key.
Rate limiting
Authenticated routes apply per API key rate limits (see Rate limiting). Invalid or missing keys are rejected before the rate limit runs.Security practices
- Rotate keys from the dashboard if they may be exposed.
- Never embed keys in browser-side code or mobile apps shipped to customers.
- Prefer environment variables and secret managers on the server.
API Reference playground
On the API Reference tab, open an operation page (for example List users under Users), then use Try it to call the API. Pick Production or your Local server in the server dropdown, enter your key in the auth section (x-api-key), then send the request. Requests from the hosted docs site are proxied by Mintlify so the browser is not blocked by CORS.
Use a test key when experimenting. Do not paste production keys on shared computers.
Common errors
These are the usual auth-related cases. For the full HTTP status reference, error response shape, and retry guidance, see Errors.| Status | Meaning | What to do |
|---|---|---|
| 401 | Missing or invalid key | Verify the header name is x-api-key and the value matches an active key. |
| 403 | Authenticated but not allowed for this action | Check team membership and resource ownership. |