Authentication

Authenticate API requests with basic auth by pairing your publishable and secret keys, and keep those credentials scoped to the right sites.

Every Bento API request must include valid credentials. Bento uses Basic authentication where your publishable_key is the username and your secret_key is the password.

If you need to scope requests to a particular site, include the site’s site_uuid, which you can grab from the site settings or the API keys page. When constructing the Authorization header, concatenate publishable_key + secret_key, base64 encode the result, and pass it with the Basic scheme.

Example request

Example request with basic auth

bash

curl -L -X GET 'https://app.bentonow.com/api/v1/fetch/tags?site_uuid=YourSiteUUID1234' \
  -H 'Accept: application/json' \
  -H 'Authorization: Basic MyUserPasswordEncodedBase64'

Keys unlock every site inside the account(s) they belong to. If you manage multiple client accounts, double-check that you are using the correct API key pair so you do not accidentally operate on the wrong data set.

Never commit keys to GitHub or any other source control system. If a credential leaks—or even if you suspect it did—revoke it from the team dashboard and issue a new pair.

Treat your API keys like any other secret: rotate when necessary, store them in a vault, and limit who can view or regenerate them.

Using an SDK

Official SDKs manage authentication for you. Grab your keys from the Bento dashboard under settings and the client library will sign each request appropriately.

Check out our first-party SDKs