API Authentication

Secure your DevTeam.ai API access with API keys and token-based authentication.

Getting Your API Key

  1. Sign Up - Create an account at devteam.ai
  2. Navigate to Settings - Go to Settings → API Keys in your dashboard
  3. Create API Key - Click "Create New Key", give it a name, and save it securely

Important: Store your API key securely. It won't be shown again after creation.

Using API Keys

In HTTP Requests

Include your API key in the Authorization header as a Bearer token:

typescript
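// YOUR_API_KEY_HERE is a placeholder: load the real key from an environment
// variable or a secrets manager rather than hardcoding it in source.
const response = await fetch('https://devteam-api.finhub.workers.dev/graphql', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer YOUR_API_KEY_HERE'
  },
  body: JSON.stringify({
    query: `
      query {
        projects {
          id
          name
        }
      }
    `
  })
});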

In GitHub Actions

Store your API key as a repository secret:

yaml
- name: Run DevTeam Agent
  uses: devteam-ai/review-agent@v1
  with:
    api-key: ${{ secrets.DEVTEAM_API_KEY }}
    github-token: ${{ secrets.GITHUB_TOKEN }}

In CLI

Set the API key as an environment variable:

bash
export DEVTEAM_API_KEY=your_api_key_here
# Or authenticate interactively
devteam auth login

API Key Scopes

Control what your API keys can access with scopes:

  • read:projects - View projects and their details
  • write:projects - Create and modify projects
  • execute:agents - Spawn and control AI agents
  • read:knowledge - Search institutional knowledge base
  • admin:* - Full access (use with caution)

Managing API Keys

Via Dashboard

  • View all API keys and their last used date
  • Revoke compromised keys immediately
  • Rotate keys regularly for security
  • Set expiration dates for temporary keys

Via GraphQL API

graphql
# List your API keys
query {
  apiKeys {
    id
    name
    scopes
    lastUsedAt
    createdAt
    expiresAt
  }
}

# Create a new API key
mutation CreateApiKey(
  $name: String!,
  $scopes: [String!]!,
  $expiresIn: Int
) {
  createApiKey(
    name: $name,
    scopes: $scopes,
    expiresIn: $expiresIn
  ) {
    id
    key # Only returned on creation!
    name
    scopes
  }
}

# Revoke an API key
mutation RevokeApiKey($id: String!) {
  revokeApiKey(id: $id)
}

Security Best Practices

DO: Store API keys in environment variables or secrets managers (AWS Secrets Manager, HashiCorp Vault)
DO: Use different API keys for different environments (dev, staging, prod)
DO: Rotate API keys every 90 days
DON'T: Commit API keys to version control (add .env to .gitignore)
DON'T: Share API keys via email, Slack, or other insecure channels
DON'T: Use production API keys in development or testing
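
The rotation, scope, and expiration guidance above can be checked mechanically against the fields returned by the `apiKeys` query. The following is an added example, not DevTeam.ai's own code: `auditApiKey` and `auditApiKeys` are hypothetical helpers, and the sample keys are constructed. It assumes timestamps are ISO 8601 strings and that `expiresAt` and `lastUsedAt` are null when unset; treating a missing expiry or an unused key as a finding is a policy choice of this example.

```typescript
// One entry from the `apiKeys` query shown earlier on this page.
// Assumption: timestamps are ISO 8601 strings; null means "not set" / "never used".
interface ApiKeyInfo {
  id: string;
  name: string;
  scopes: string[];
  lastUsedAt: string | null;
  createdAt: string;
  expiresAt: string | null;
}

const DAY_MS = 24 * 60 * 60 * 1000;
const MAX_AGE_DAYS = 90; // rotation interval from the best-practices list

// Hypothetical helper: returns one finding per policy violation for a key.
function auditApiKey(key: ApiKeyInfo, now: Date): string[] {
  const findings: string[] = [];
  const ageDays = Math.floor((now.getTime() - Date.parse(key.createdAt)) / DAY_MS);
  if (ageDays > MAX_AGE_DAYS) findings.push(`rotate: key is ${ageDays} days old`);
  if (key.scopes.some((s) => s === 'admin:*')) findings.push('scope: admin:* grants full access');
  if (key.expiresAt === null) findings.push('expiry: no expiration date set');
  if (key.lastUsedAt === null) findings.push('unused: never used, consider revoking');
  return findings;
}

// Hypothetical helper: maps key id -> findings, omitting keys with no findings.
function auditApiKeys(keys: ApiKeyInfo[], now: Date): Record<string, string[]> {
  const report: Record<string, string[]> = {};
  for (const key of keys) {
    const findings = auditApiKey(key, now);
    if (findings.length > 0) report[key.id] = findings;
  }
  return report;
}

// Constructed sample data (not real keys and not real API output).
const SAMPLE_KEYS: ApiKeyInfo[] = [
  { id: 'dtk_example_ci', name: 'ci', scopes: ['read:projects', 'execute:agents'],
    lastUsedAt: '2024-05-30T08:00:00Z', createdAt: '2024-04-01T00:00:00Z', expiresAt: '2024-06-30T00:00:00Z' },
  { id: 'dtk_example_legacy', name: 'legacy', scopes: ['admin:*'],
    lastUsedAt: null, createdAt: '2023-12-01T00:00:00Z', expiresAt: null },
];
const SAMPLE_NOW = new Date('2024-06-01T00:00:00Z');

console.log(auditApiKeys(SAMPLE_KEYS, SAMPLE_NOW));
```

Feed the function the `apiKeys` array from a real query response and the current time to get a per-key list of items to act on.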

Key Compromised?

If you suspect your API key has been compromised:

  1. Revoke immediately - In dashboard or via API
  2. Check usage logs - Review recent API activity
  3. Create new key - Generate replacement with same scopes
  4. Update applications - Deploy new key to all services
  5. Monitor activity - Watch for unusual patterns

bash
# Revoke via CLI
devteam auth revoke --key-id dtk_xxxxxxxxxxxxx
# List recent usage
devteam auth usage --key-id dtk_xxxxxxxxxxxxx --last 7d

Rate Limiting

API keys are subject to rate limits based on your plan. See Rate Limiting for details.
