Authentication

All Buena.ai API requests require authentication using user-specific API keys. Each key has granular permissions and tracks usage for security and billing purposes.

​

API Key Format

Buena.ai supports two types of API keys for maximum flexibility and backward compatibility:

​

User-Specific API Keys (Recommended)

Format: bna_[hexadecimal] where the hexadecimal string is 64 characters long:

bna_bxxxxxxxxxx

Benefits:

• Automatic User Detection: No need to specify user IDs in requests
• Enhanced Security: User-specific permissions and rate limiting
• Better Tracking: Automatic usage tracking and last-used timestamps
• Granular Permissions: Support for specific permission scopes

​

Global API Keys (Legacy)

Format: Traditional API key format for backward compatibility:

abc12345-xyz789def456ghi123jkl

Characteristics:

• Full Access: All permissions (*)
• Legacy Support: Works with all existing endpoints
• Requires User IDs: Must specify user IDs in request parameters
• Backward Compatible: Maintains compatibility with v1 API patterns

​

Authentication Header

Include your API key in the x-api-key header for all requests:

curl -H "x-api-key: YOUR_API_KEY" \
     -H "Content-Type: application/json" \
     "https://api.buena.ai/api/v2/health"

​

Permission System

Each API key has specific permissions that control access to different endpoints. User-specific API keys support granular permissions, while global API keys have all permissions (*).

​

Common Permission Sets

​

Permission Requirements by Endpoint

​

Creating API Keys

​

Via Dashboard

1. Log into your Buena.ai dashboard
2. Navigate to Settings → API Keys
3. Click “Create New Key”
4. Set permissions and expiration
5. Copy and store the key securely

​

Via API

curl -X POST "https://api.buena.ai/api/v2/keys" \
  -H "x-api-key: YOUR_EXISTING_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production Integration",
    "permissions": ["linkedin:schedule", "leads:read", "leads:write"],
    "expiresInDays": 365
  }'

​

Managing API Keys

​

List Keys

curl -H "x-api-key: YOUR_API_KEY" \
     "https://api.buena.ai/api/v2/keys"

​

Update Key

curl -X PUT "https://api.buena.ai/api/v2/keys/{keyId}" \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Updated Key Name",
    "permissions": ["linkedin:read", "leads:read"]
  }'

​

Regenerate Key

curl -X POST "https://api.buena.ai/api/v2/keys/{keyId}/regenerate" \
  -H "x-api-key: YOUR_API_KEY"

​

Delete Key

curl -X DELETE "https://api.buena.ai/api/v2/keys/{keyId}" \
  -H "x-api-key: YOUR_API_KEY"

​

Best Practices

​

Authentication Errors

​

401 Unauthorized

{
  "error": true,
  "code": "UNAUTHORIZED",
  "message": "Invalid API key",
  "version": "2.0"
}

Causes:

• Missing x-api-key header
• Invalid API key format
• Expired API key
• Deactivated API key

​

403 Forbidden

{
  "error": true,
  "code": "PERMISSION_DENIED",
  "message": "Insufficient permissions",
  "version": "2.0",
  "permissionHelp": {
    "required": "linkedin:schedule",
    "available": ["linkedin:read"],
    "documentation": "https://docs.buena.ai/authentication"
  }
}

Causes:

• API key lacks required permission
• Attempting to access restricted endpoint
• Rate limit exceeded

​

Testing Authentication

Use the health endpoint to verify your authentication:

curl -H "x-api-key: YOUR_API_KEY" \
     "https://api.buena.ai/api/v2/health"

Successful response:

{
  "version": "2.0",
  "status": "healthy",
  "authentication": "user",
  "user": {
    "id": "user_abc123",
    "email": "john@company.com",
    "role": "Premium"
  },
  "apiKey": {
    "name": "My Integration Key",
    "permissions": ["linkedin:schedule", "leads:read"],
    "usageCount": 42
  }
}