WyrdOS
Open App

API Keys

Create, scope, test, rotate, and use WyrdOS API keys safely

API keys authenticate requests to the WyrdOS HTTP API. Create and manage them under Settings > API Keys.

Scope

Each key is scoped to a workspace and can include explicit permissions:

PermissionUse
ReadList and inspect resources.
WriteCreate or update resources.
DeleteDelete resources. Use sparingly.

Use A Key

Pass the key as a Bearer token:

Authorization: Bearer <API_KEY>

Smoke test:

curl -H "Authorization: Bearer <API_KEY>" \
  "https://<your-wyrdos-api-host>/api/v1/organisations"

Expected result: 200 OK with a data wrapper listing visible organisations, or an empty list if the key has no visible organisations.

Operational Rules

  • Store keys in environment variables or a secret manager.
  • Do not commit keys to source control.
  • Redact keys from logs and screenshots.
  • Use separate keys for CI, local development, and agents.
  • Rotate a key if it appears in chat, logs, screenshots, or an untrusted script.
  • Prefer read-only keys for agents that only need context.

Error Meanings

StatusMeaning
401Missing or invalid key.
403Key is valid but lacks permission or visibility.
404Resource does not exist or is not visible to the key.

See API Reference for response contracts and examples.