Skip to main content

Authentication

The Bytes Developer API uses workspace API keys.

Each key belongs to one workspace. Requests made with that key act inside that workspace only.

Base URLs

Production:

https://api.jaww.ws/api/v1

Send the key as a bearer token

Every Developer API request must include your API key in the Authorization header.

Authorization: Bearer YOUR_BYTES_API_KEY

Example:

curl https://api.jaww.ws/api/v1/tags \
-H "Accept: application/json" \
-H "Authorization: Bearer YOUR_BYTES_API_KEY"

Create an API key

  1. Sign in to the Bytes dashboard.
  2. Go to Workspace Settings -> Developer API.
  3. Select Create API key.
  4. Give the key a clear name.
  5. Select Create API key.
  6. Copy the key immediately.
One-time reveal

Bytes shows the full API key only once. Copy it before leaving the reveal screen.

If you lose the key, revoke it and create a new one.

API key format

Workspace API keys currently use this format:

YOUR_BYTES_API_KEY

Treat the entire value as secret.

Store keys safely

Use environment variables or a secrets manager.

BYTES_API_KEY=YOUR_BYTES_API_KEY
BYTES_API_BASE_URL=https://api.jaww.ws/api/v1

Do not commit .env files containing real keys.

Do not use API keys in browsers

API keys are for server-side systems only.

Do not expose API keys in:

  • frontend JavaScript
  • mobile app bundles
  • public repositories
  • screenshots
  • customer-facing pages
  • support messages
  • logs

Revoking a key

Revoke a key when:

  • an integration is no longer used
  • a developer, contractor or agency no longer needs access
  • you think the key may have been exposed
  • you are rotating credentials as part of a security review

When a key is revoked, any system using that key stops working immediately.

Authentication errors

Missing, invalid or revoked API keys return:

401 Unauthorized
{
"message": "Unauthenticated."
}