Authentication
Busy Board AI uses API Keys to authenticate requests. You can manage your keys in the Developer Platform section of your dashboard.
1
Obtaining an API Key
To get started, navigate to Settings > Developer Platform in your Administrator Portal. Click on "Create New Key", provide a descriptive name, and select the required scopes.
Security Note: Your full API Key will only be shown once. Copy it immediately and store it securely.
Using the API Key
All API requests must include your key in the x-api-key HTTP header. Requests without this header or with an invalid key will return a 401 Unauthorized response.
curl -X GET https://api.busyboard.co.za/v1/calls \
-H "x-api-key: sk_live_..." \
-H "Content-Type: application/json"const axios = require('axios');
const client = axios.create({
baseURL: 'https://api.busyboard.co.za/v1',
headers: {
'x-api-key': 'sk_live_...',
'Content-Type': 'application/json'
}
});
client.get('/calls').then(res => console.log(res.data));$ch = curl_init('https://api.busyboard.co.za/v1/calls');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'x-api-key: sk_live_...',
'Content-Type: application/json'
]);
$response = curl_exec($ch);
curl_close($ch);
echo $response;import java.net.http.*;
import java.net.URI;
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://api.busyboard.co.za/v1/calls"))
.header("x-api-key", "sk_live_...")
.header("Content-Type", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(request,
HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());using System.Net.Http;
var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Get, "https://api.busyboard.co.za/v1/calls");
request.Headers.Add("x-api-key", "sk_live_...");
var response = await client.SendAsync(request);
var content = await response.Content.ReadAsStringAsync();
Console.WriteLine(content);import ("net/http"; "io/ioutil"; "log")
client := &http.Client{}
req, _ := http.NewRequest("GET", "https://api.busyboard.co.za/v1/calls", nil)
req.Header.Set("x-api-key", "sk_live_...")
resp, _ := client.Do(req)
body, _ := ioutil.ReadAll(resp.Body)
log.Println(string(body))Key Validity
- Indefinite: API keys do not expire automatically. They remain valid as long as they are active in the portal.
- Revocation: Keys can be deactivated or deleted instantly from the Developer Portal if they are no longer needed.
- Rotation: For high-security environments, we recommend rotating keys every 90 days.
Security Best Practices
- Server-Side Only: Never embed API keys in client-side code (HTML, JS in browsers, or Mobile Apps).
- Environment Variables: Store keys in
.envfiles or secure vault services like AWS Secrets Manager. - Scope Limitation: Only grant the minimum required permissions for each specific integration.
HTTP Status Codes
| Code | Title | Description |
|---|---|---|
| 200 | OK | Request successful. |
| 201 | Created | Resource created successfully. |
| 401 | Unauthorized | Invalid or missing API Key. |
| 403 | Forbidden | Key does not have required scopes. |
| 429 | Too Many Requests | Rate limit exceeded. |
Error Responses
In case of an error, the API returns a standard JSON response:
{
"success": false,
"message": "Invalid API Key provided",
"data": null,
"statusCode": 401
}