Authentication
Learn how to authenticate API requests using personal or project tokens.
Authentication Methods
BugToMe supports two types of API tokens for different use cases:
Personal API Token
Personal API tokens are linked to your account and have access to all organizations you belong to. Use this token type for personal integrations and scripts.
- Token prefix:
pk_ - Scope: All your organizations
- Generate in: Account Settings → API
Project API Token
Project tokens are scoped to a specific project. Use this for external integrations that should only have access to a single project.
- Token prefix:
proj_ - Scope: Single project
- Generate in: Project Settings → API Token
Using Authentication
Include your API token in the Authorization header using the Bearer scheme:
Authorization: Bearer pk_your_api_token_herecURL Example
curl -X GET "https://bugto.me/api/v1/tickets" \
-H "Authorization: Bearer pk_your_api_token" \
-H "Content-Type: application/json"JavaScript Example
const response = await fetch('https://bugto.me/api/v1/tickets', {
headers: {
'Authorization': 'Bearer pk_your_api_token',
'Content-Type': 'application/json'
}
});
const tickets = await response.json();Ruby Example
require 'net/http'
require 'json'
uri = URI('https://bugto.me/api/v1/tickets')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Get.new(uri)
request['Authorization'] = 'Bearer pk_your_api_token'
request['Content-Type'] = 'application/json'
response = http.request(request)
tickets = JSON.parse(response.body)Token Security
Keep your API tokens secure:
- Never commit tokens to version control
- Use environment variables to store tokens
- Rotate tokens regularly if you suspect they've been compromised
- Use project tokens for external services when possible
Revoking Tokens
You can revoke tokens at any time from your settings page. Once revoked, the token will immediately stop working for all API requests.