Skip to main content
Every request to the Bhumi API must include a valid API key. This page explains how to get a key, how to pass it in requests, and how to manage your keys.

Getting an API key

You can create a key in two ways.

Developer Console

Sign in at console.bhumifarms.co and navigate to API Keys. Click Create key, give it a name, and copy the value shown — it is only displayed once.

API endpoint

Send a POST request to /v1/keys. The behavior depends on whether you are authenticated.
Sign in to the Developer Console first. While signed in, POST /v1/keys links the new key to your account, and you can manage it later through the Console or the DELETE /v1/keys endpoint.
curl -X POST https://api.bhumifarms.co/v1/keys \
  -H "Content-Type: application/json" \
  -d '{"name": "my-app"}'
Response
{
  "key": "bh_live_a1b2c3d4e5f6...",
  "id": "key_abc123",
  "tier": "free",
  "daily_limit": 1000
}

Key format

All Bhumi API keys begin with bh_live_ followed by 32 hex characters: 
bh_live_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4
Treat your API key like a password. Do not commit it to version control or expose it in client-side code. Store it in an environment variable.

Passing the key in requests

You can authenticate requests using either the X-API-Key header (recommended) or the ?key= query parameter.

Key limits

Authenticated accounts
number
default:"5"
You can have up to 5 active keys per account. To create a new key once you reach the limit, revoke an existing one first.
Unauthenticated (email-only)
number
default:"3"
Up to 3 keys per email address can be created without a console account. Sign in to manage more keys.
An additional anti-churn limit applies: authenticated accounts cannot create more than 10 keys in any 24-hour window, and email-only keys are limited to 5 per email per 24 hours.

Listing active keys

Signed-in users can retrieve their active keys from the Developer Console, or via the API endpoint: 
curl https://api.bhumifarms.co/v1/keys
Each key object includes id, name, tier, daily_limit, requests_today, last_used_at, and created_at.

Revoking a key

To revoke a key, send a DELETE request with the key’s id: 
curl -X DELETE "https://api.bhumifarms.co/v1/keys?id=key_abc123"
Response 
{ "success": true }
Revoked keys stop working immediately. Revocation requires an authenticated session and can only be performed by the account that owns the key.
If you believe a key has been compromised, revoke it from the Developer Console immediately and issue a new one.