BigMindBigMindBigMind
Partner APIBETA
Sign inGet an API key
Partner APIBETA
OverviewAuthenticationCustomersPlansAccount & UsageDICOM ReportsWebhooksError codesChangelog

Authentication

The Partner API uses bearer-token authentication with API keys you generate from the Settings page.

Generate a key

Go to Settings → API and click Generate API key. Give it a name (e.g., Production or Billing integration).

The full secret is shown once. Copy it and store it somewhere safe — a password manager or your secret store. If you lose the secret, regenerate the key (the old one is immediately revoked).

Beta limit: one active key per partner. Multiple keys with scoped permissions are on the roadmap.

Authenticate requests

Include the secret on every request via the Authorization header:

curl -H "Authorization: Bearer sk_live_..." \
  https://app.bigmind.com/api/partner/v1/account

For compatibility, the X-API-Key header is also accepted.

Response envelope

All responses use the same JSON envelope:

{
  "success": true,
  "data": { ... }
}

See the full list of error codes on the Errors reference.

Rate limits

The Beta API is rate-limited to 120 requests per minute per partner. When exceeded you receive HTTP 429 with a Retry-After header indicating seconds until you can retry.

Key rotation

To rotate a key, go to Settings → API and click Regenerate. The old key is revoked immediately and the new secret is shown once. Update your integrations before regenerating.

To revoke without replacement, click Revoke. All subsequent requests with the revoked secret return HTTP 401 with INVALID_API_KEY.