Authentication
The Bytes Developer API uses workspace API keys.
Each key belongs to one workspace. Requests made with that key act inside that workspace only.
Base URLs
Production:
https://api.jaww.ws/api/v1
Send the key as a bearer token
Every Developer API request must include your API key in the Authorization header.
Authorization: Bearer YOUR_BYTES_API_KEY
Example:
curl https://api.jaww.ws/api/v1/tags \
-H "Accept: application/json" \
-H "Authorization: Bearer YOUR_BYTES_API_KEY"
Create an API key
- Sign in to the Bytes dashboard.
- Go to Workspace Settings -> Developer API.
- Select Create API key.
- Give the key a clear name.
- Select Create API key.
- Copy the key immediately.
Bytes shows the full API key only once. Copy it before leaving the reveal screen.
If you lose the key, revoke it and create a new one.
API key format
Workspace API keys currently use this format:
YOUR_BYTES_API_KEY
Treat the entire value as secret.
Store keys safely
Use environment variables or a secrets manager.
BYTES_API_KEY=YOUR_BYTES_API_KEY
BYTES_API_BASE_URL=https://api.jaww.ws/api/v1
Do not commit .env files containing real keys.
Do not use API keys in browsers
API keys are for server-side systems only.
Do not expose API keys in:
- frontend JavaScript
- mobile app bundles
- public repositories
- screenshots
- customer-facing pages
- support messages
- logs
Revoking a key
Revoke a key when:
- an integration is no longer used
- a developer, contractor or agency no longer needs access
- you think the key may have been exposed
- you are rotating credentials as part of a security review
When a key is revoked, any system using that key stops working immediately.
Authentication errors
Missing, invalid or revoked API keys return:
401 Unauthorized
{
"message": "Unauthenticated."
}