API Keys

API keys allow you to trigger Bug0 tests from CI/CD pipelines without user authentication.

Creating an API Key

1. Open your project in Bug0
2. Go to Project Settings
3. Navigate to API Keys section
4. Click Generate New Key
5. Copy the key immediately (shown only once)

Using API Keys

Include the key in the x-api-key header:

curl -X POST https://app.bug0.com/api/run-tests \
  -H "x-api-key: bug0_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "projectId": "your-project-id"
  }'

API Key Security

Do

• Store keys in CI/CD secrets (GitHub Secrets, etc.)
• Use environment variables, not hardcoded values
• Rotate keys periodically
• Create separate keys for different environments

Don't

• Commit keys to version control
• Share keys in chat or email
• Use the same key everywhere
• Keep unused keys active

Storing Keys Securely

GitHub Actions

1. Go to your repository → Settings → Secrets
2. Click New repository secret
3. Name: BUG0_API_KEY
4. Value: Your Bug0 API key

Use in workflow:

env:
  BUG0_API_KEY: ${{ secrets.BUG0_API_KEY }}

GitLab CI

1. Go to Settings → CI/CD → Variables
2. Add variable BUG0_API_KEY
3. Mark as "Masked" and "Protected"

Other CI Systems

Consult your CI system's documentation for storing secrets.

Revoking Keys

If a key is compromised:

1. Go to Project Settings → API Keys
2. Find the compromised key
3. Click Revoke
4. Generate a new key
5. Update your CI/CD configuration

Key Permissions

API keys have project-level permissions:

• Run tests - Trigger test execution
• View results - Access test reports

Keys cannot:

• Modify tests or projects
• Access other projects
• Manage team members

Multiple Keys

You can create multiple keys for:

• Different environments (staging, production)
• Different CI systems
• Different teams
• Easier rotation

Troubleshooting

401 Unauthorized

• Key is invalid or revoked
• Key doesn't match the project
• Header name is wrong (x-api-key)

403 Forbidden

• Key doesn't have permission for this action
• Project access issue

Key Not Working

1. Verify key is not revoked
2. Check key is for correct project
3. Ensure header is exactly x-api-key
4. Check for extra whitespace in key value

Example Usage

Basic Test Trigger

curl -X POST https://app.bug0.com/api/run-tests \
  -H "x-api-key: $BUG0_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "projectId": "abc123"
  }'

With Preview URL

curl -X POST https://app.bug0.com/api/run-tests \
  -H "x-api-key: $BUG0_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "projectId": "abc123",
    "url": "https://preview-pr-42.yourapp.com"
  }'

With Git Information

curl -X POST https://app.bug0.com/api/run-tests \
  -H "x-api-key: $BUG0_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "projectId": "abc123",
    "url": "https://preview-pr-42.yourapp.com",
    "gitCommitSha": "abc123def456",
    "gitBranch": "feature/new-checkout",
    "prNumber": "42"
  }'

Git information enables:

• Commit status updates
• PR comments with results
• Branch-specific test filtering