API keys
Getting started
API keys
Anonymous bearer keys. No signup, no email, persistent across requests. Rate limit 60 req/min, 5000 req/day per key.
No signup. Permanent. Rate limit 60 req/min, 5000 req/day. Not a sensitive secret.
Programmatic issuance
POST /v1/keys
| Parameter | Type | Description |
|---|---|---|
| agent | string | Free-form label for telemetry (e.g. "my-agent-name"). |
Request
curl -X POST https://api.b2a.bluepillow.com/v1/keys \
-H "Content-Type: application/json" \
-d '{"agent": "my-agent-name"}'Response
{
"key": "<your-key>",
"rate_limit": {"per_minute": 60, "per_day": 5000}
}Usage
Pass the key in Authorization: Bearer <your-key> on every subsequent request.
A key never expires, so issue one and reuse it. The number of keys you can mint is capped per IP purely as an anti-abuse guardrail; normal use never reaches it — no reason to request a fresh key when you already have one.
Keys are not sensitive secrets — they identify a rate-limit bucket, not a billing
identity. Embedding them in a public agent config is fine.