Security/Auth
Authentication
All requests to the Backchannel API must be authenticated. We use industry-standard Bearer tokens to secure your data.
Bearer Tokens
Provide your API key in the Authorization header for every request.
HTTP Header Example
Authorization: Bearer bc_live_••••••••Best Practices
Environment Isolation
Never use your 'bc_live_' keys in development. Use local sandbox keys instead.
Key Rotation
Rotate your keys every 90 days. We support zero-downtime rotation.
HTTPS Enforcement
All requests must be over TLS 1.2+. Non-secure requests are rejected.
Scoping
Create keys with minimum required permissions (Principle of Least Privilege).
Error Codes
| Field | Type | Description |
|---|---|---|
401: UNAUTHORIZED | error | The API key is missing or invalid. Check your 'Authorization' header. |
403: FORBIDDEN | error | The API key is valid but lacks the scope required for this specific request. |
401: EXPIRED_KEY | error | The key has been manually revoked or surpassed its expiration TTL. |
Playground
curl -X GET "https://api.backchannel.ai/v1/brands/me" \
-H "Authorization: Bearer YOUR_API_KEY"
Authentication
Query Params
Sandbox Mode
Powered by NeuralSync