Skip to content

Authentication

Send your secret key as a bearer token on every request:

Authorization: Bearer brd_sk_live_...

Each key is scoped along two axes:

  • Access — read, or read-write.
  • Reach — a whole workspace, or a single project.

A request that exceeds the key’s scope is rejected with 403 permission_error (insufficient_scope). A project-scoped key only ever sees its own project.

HTTP type code Meaning
401 authentication_error unauthorized, expired Missing, invalid, revoked or expired key.
403 permission_error insufficient_scope The key lacks the required access, or the resource is outside its scope.

See Errors for the full catalog.