Every request to the BudgetPixel API must include an API key as a bearer token:
Authorization: Bearer bpx_live_xxx
curl https://api.budgetpixel.com/v1/account/credits \
-H "Authorization: Bearer bpx_live_xxx"
Managing keys
Create, name, and revoke keys from your BudgetPixel account dashboard (the developer
API is in private beta — see Availability).
- The full secret is shown once, at creation. Store it securely; it can’t be
retrieved later (only its prefix is shown afterward, to help you identify it).
- Revoking a key takes effect immediately.
- The developer API is available on the Ultra plan. A request from a key whose
account isn’t on an API-enabled plan returns
403 api_access_not_enabled.
Keeping keys secure
Treat API keys like passwords. Never embed them in client-side code, mobile apps,
or public repositories — anyone with your key can spend your credits. Call the API
from your backend and keep keys in environment variables or a secrets manager.
Errors
Authentication and authorization failures use the standard
error envelope:
| Status | code | Meaning |
|---|
| 401 | missing_api_key | No Authorization header. |
| 401 | invalid_api_key | Key is unknown or revoked. |
| 403 | api_access_not_enabled | Account’s plan can’t use the API. |
| 403 | account_banned | Account is banned. |