Bavlio’s SaaS API uses workspace-scoped API keys. Pass the key as a Bearer token in the Authorization header. Every request needs it.

Key format

Bavlio API keys start with bav_live_ followed by 43 URL-safe characters. The prefix lets you spot Bavlio keys in your secrets scanner. Treat the entire string as the secret.
Example
bav_live_a1b2c3d4e5f6g7h8i9j0kLmNoPqRsTuVwXyZ
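
The prefix check described above can be turned into a small scanner and log scrubber. This is an added example, not Bavlio's own code; it assumes "URL-safe characters" means the base64url alphabet (A-Z, a-z, 0-9, `-`, `_`), and the names `scan`, `scrub`, `redact` and `Finding` are hypothetical. The sample input is constructed.

```python
import re
from typing import Iterator, NamedTuple

# Assumption: "URL-safe" = base64url alphabet. Greedy match so that a body
# longer or shorter than expected is still caught and graded, not skipped.
CANDIDATE = re.compile(r"bav_live_([A-Za-z0-9_-]*)")
BODY_LEN = 43  # body length stated in the key-format section


class Finding(NamedTuple):
    line_no: int
    confidence: str  # "high" = exact key shape, "low" = prefix with another length
    redacted: str    # safe to write to logs or CI output


def redact(body: str) -> str:
    """Keep the prefix and a length hint; never echo key material."""
    return f"bav_live_<{len(body)} chars redacted>"


def scan(text: str) -> Iterator[Finding]:
    """Yield one finding per candidate key, with its 1-based line number."""
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in CANDIDATE.finditer(line):
            body = m.group(1)
            confidence = "high" if len(body) == BODY_LEN else "low"
            yield Finding(line_no, confidence, redact(body))


def scrub(text: str) -> str:
    """Replace every candidate with its redacted form (for log pipelines)."""
    return CANDIDATE.sub(lambda m: redact(m.group(1)), text)


# Constructed sample input; the 43-character body is a dummy value, not a real key.
FAKE_KEY = "bav_live_" + "Ab3_-" * 8 + "xyz"
SAMPLE = "\n".join([
    "DEBUG starting worker",
    f'BAVLIO_API_KEY="{FAKE_KEY}"',
    '-H "Authorization: Bearer bav_live_REPLACE_WITH_YOUR_KEY"',
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Low-confidence hits cover placeholders and truncated keys; they are still worth reviewing because a partially pasted key narrows the search space for the rest.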

Creating a key

1. Sign in to bavlio.com
   Use the Google or email account on your workspace: bavlio.com/login.

2. Open Settings → API keys
   Free-tier accounts cannot create keys; upgrade to a paid plan if you see a 403 on creation.

3. Click Create key, name it, copy immediately
   The name should describe the use (production-agent, staging-worker). The full value is shown only once, on creation.

4. Store it as a secret in your runtime
   Set it as the BAVLIO_API_KEY environment variable. Never commit it to source.

By design: API keys cannot mint API keys. The endpoint that creates keys requires a logged-in dashboard session. This prevents a leaked key from cloning itself, and means agent provisioning always involves a human-in-the-loop initial setup.

Sending the key

Pass the key as a Bearer token. Both the SaaS API and the BaviMail proxy under /api/v1/bavimail/* accept the same header.
curl -X GET https://api.bavlio.com/api/v1/auth/me \
  -H "Authorization: Bearer bav_live_REPLACE_WITH_YOUR_KEY"

Rotating a key

1. Create the new key first
   Both old and new keys are valid in parallel, so there is no downtime.

2. Deploy your runtime with the new key
   Update the secret in your environment, restart workers.

3. Verify traffic is on the new key
   Look at the dashboard Last Used column for both keys.

4. Revoke the old key
   Revoked keys return HTTP 401 on every subsequent request. There is no undo; create a new key if needed.

Scopes & permissions

Today, all API keys grant full workspace access — there is no per-key scoping. Restricted (Stripe-style rk_) keys are on the roadmap. Until then, treat each key as workspace-admin and rotate aggressively if leaked.

x402 wallet auth (alternative)

AI agents without a Bavlio account can query a subset of Bavlio’s data (email verification, email finder, LinkedIn URL discovery, prospect search), paying per call in USDC on Base mainnet via the x402 protocol. No signup, no API key, no subscription.

x402 API Guide

Full guide to wallet-paid endpoints. 5 endpoints at 0.003-0.012 USDC each.

Quickstart

For agents using a regular bav_live_ API key.