Authentication
BizXEngine uses bearer token authentication. Every request must include a valid API key in the Authorization header.
Authorization: Bearer bxe_YOUR_API_KEY
API key types
| Type | Prefix | Scope |
|---|
| Secret key | bxe_sk_ | Full API access. Use server-side only. Never expose in client code. |
| Publishable key | bxe_pk_ | Read-only memory retrieval. Safe for client-side use. |
| Workspace key | bxe_ws_ | Scoped to a single workspace. Useful for multi-tenant deployments. |
Authentication errors
| Code | Meaning |
|---|
| 401 | Missing or malformed Authorization header. |
| 403 | Valid key but insufficient permissions for this operation. |
| 429 | Rate limit exceeded. See Rate Limits. |