Authentication - BehavIQ Docs

BehavIQ uses bearer tokens for protected endpoints.

Authorization: Bearer YOUR_API_KEY

Public endpoints

These endpoints do not require a key:

GET /v1/bots
GET /v1/audio/voices

Everything else in the public API requires a valid key.

Workspace-scoped keys

API keys belong to a workspace. Usage is billed to that workspace.

credits are shared at the workspace level
usage reporting is shared at the workspace level
revoking a key cuts off access for anything using that key

Creating and rotating keys

Create keys in Settings -> API Access.

keys are only shown once
store them somewhere secure
rotate them if a service changes hands
revoke old keys instead of leaving them around

Common auth failures

401 means the key is missing or invalid
403 usually means the key is valid but not allowed to call that endpoint

The errors page has the usual failure patterns and retry guidance.

Public endpoints
Workspace-scoped keys
Creating and rotating keys
Common auth failures