Bug0Bug0 Docs

Authentication

All Bug0 API requests must be authenticated.

Authentication Methods

1. API Key (Recommended)

Use API keys for CI/CD pipelines and automated integrations.

Header: x-api-key

curl -X POST https://app.bug0.com/api/run-tests \
  -H "x-api-key: bug0_abc123def456" \
  -H "Content-Type: application/json" \
  -d '{"projectId": "..."}'

Creating API Keys

  1. Open your project in Bug0
  2. Go to Project SettingsAPI Keys
  3. Click Generate New Key
  4. Copy and securely store the key

API keys are shown only once. Store them securely in your CI/CD secrets.

API Key Format

bug0_[random-string]

Example: bug0_sk_a1b2c3d4e5f6g7h8i9j0

Key Permissions

API keys are scoped to a single project and can:

  • Trigger test runs
  • Read test results

Keys cannot:

  • Modify tests or settings
  • Access other projects

2. Service Token

For internal Bug0 services and trusted integrations.

Header: x-bug0-service-token

curl -X POST https://app.bug0.com/api/run-tests \
  -H "x-bug0-service-token: your-service-token" \
  -H "Content-Type: application/json" \
  -d '{"projectId": "..."}'

Service tokens are for advanced integrations. Most users should use API keys.

3. User Session (Web App)

For requests from the Bug0 web application, session-based authentication is used automatically. This is not applicable for API integrations.

Security Best Practices

Do

  • Store API keys in CI/CD secrets
  • Use environment variables
  • Rotate keys periodically
  • Use separate keys per environment
  • Revoke compromised keys immediately

Don't

  • Commit keys to version control
  • Share keys via email or chat
  • Use production keys in development
  • Reuse keys across multiple systems

Storing API Keys

GitHub Actions

# In your workflow
env:
  BUG0_API_KEY: ${{ secrets.BUG0_API_KEY }}

GitLab CI

# In .gitlab-ci.yml
variables:
  BUG0_API_KEY: $BUG0_API_KEY  # Set in CI/CD settings

Environment Variables

export BUG0_API_KEY="bug0_sk_..."

Error Responses

401 Unauthorized

{
  "success": false,
  "error": "Invalid API key"
}

Causes:

  • API key is missing
  • API key is invalid
  • API key has been revoked

403 Forbidden

{
  "success": false,
  "error": "Access denied"
}

Causes:

  • API key doesn't have access to the project
  • Resource requires different permissions

Revoking API Keys

If a key is compromised:

  1. Go to Project SettingsAPI Keys
  2. Find the key (identified by prefix)
  3. Click Revoke
  4. Generate a new key
  5. Update your CI/CD configuration

Revoked keys immediately stop working.

Testing Authentication

Verify your API key works:

curl -X POST https://app.bug0.com/api/run-tests \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"projectId": "YOUR_PROJECT_ID"}'

Expected response (success):

{
  "success": true,
  "message": "Tests triggered successfully"
}

Expected response (invalid key):

{
  "success": false,
  "error": "Invalid API key"
}