Authentication

How to authenticate with the EziBreezy API

The EziBreezy API supports two authentication methods.

API key authentication (recommended)

Pass your API key as a Bearer token in the Authorization header:

curl https://api.ezibreezy.com/v1/workspaces \
  -H "Authorization: Bearer ezb_live_abc123..."

Key format

API keys follow the format ezb_live_ followed by 48 hex characters.

Key properties

Property	Description
`name`	A label you assign when creating the key
`keyPrefix`	First 16 characters — visible in the dashboard for identification
`expiresAt`	Optional expiry date. `null` means the key never expires
`lastUsedAt`	Updated each time the key is used

Creating keys

Create API keys from the dashboard at Settings > API Keys. Click Create Key, give it a name, choose an optional expiration, and copy the raw key immediately — it's only shown once.

Keys can also be created programmatically using session authentication (not another API key). You must have the admin role on the organization.

curl -X POST https://api.ezibreezy.com/v1/api-keys \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -H "Content-Type: application/json" \
  -H "x-workspace-id: YOUR_WORKSPACE_ID" \
  -d '{
    "name": "CI/CD pipeline",
    "expiresAt": "2027-01-01T00:00:00Z"
  }'

{
  "data": {
    "id": "key-uuid",
    "name": "CI/CD pipeline",
    "key": "ezb_live_abc123...",
    "keyPrefix": "ezb_live_abc123",
    "createdAt": "2026-01-01T00:00:00.000Z",
    "expiresAt": "2027-01-01T00:00:00.000Z"
  },
  "meta": null
}

Important: The raw key value is only returned once at creation time. It is stored as a SHA-256 hash and cannot be retrieved later.

Revoking keys

Revoke keys from Settings > API Keys by clicking the delete icon next to the key, or programmatically:

curl -X DELETE https://api.ezibreezy.com/v1/api-keys/KEY_UUID \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -H "x-workspace-id: YOUR_WORKSPACE_ID"

Revoked keys immediately stop working. The revocation is permanent.

Listing keys

curl https://api.ezibreezy.com/v1/api-keys \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  -H "x-workspace-id: YOUR_WORKSPACE_ID"

{
  "data": [
    {
      "id": "key-uuid",
      "name": "CI/CD pipeline",
      "keyPrefix": "ezb_live_abc123",
      "lastUsedAt": "2026-03-15T10:30:00.000Z",
      "createdAt": "2026-01-01T00:00:00.000Z",
      "expiresAt": "2027-01-01T00:00:00.000Z"
    }
  ],
  "meta": null
}

Organization scoping

Each API key is tied to the organization it was created in. A key cannot access workspaces in a different organization — the API returns 403 Forbidden if you try.

Session authentication

If you're building a first-party integration or testing from the browser, you can use your existing login session. The API accepts the session token as a Bearer token in the Authorization header.

This is primarily useful for:

Creating and managing API keys (which require session auth)
Testing endpoints during development

Workspace header

Most endpoints require a workspace context via the x-workspace-id header:

-H "x-workspace-id: YOUR_WORKSPACE_UUID"

Required for: Posts, Media, Integrations, API Keys

Not required for: Workspaces (this is the discovery endpoint)

Tip: Use GET /v1/workspaces first to discover your workspace IDs, then pass the right one in subsequent requests.

PreviousQuickstart NextWorkspaces