REST API and Webhooks Credentials - Bridge REST Integrations API & Webhooks

Overview

All requests to the Bridge API must be authenticated using an API Key. This key identifies your application and authorizes it to access Bridge resources on behalf of your organization.

You will need access to Bridge’s admin console at https://admin.bridge.new.If you don’t have one, please ask your Bridge Admin to create you a user.

Generating an API Key

Open the Admin Console

Go to your Bridge Dashboard and log in with your credentials.

Navigate to API Keys

In the left panel, go to Developers → API Keys Management.

Create a new key

Click Generate New Key. You can give it a descriptive name and set an expiration date.

Important:
Your API Key will only be displayed once upon creation. Copy it immediately and store it in a secure location — you will not be able to retrieve it later.

Using your API Key

Include your API Key in the x-api-key header on every request:

curl -X GET "https://api.bridge.new/bridge/api/health" \
  -H "x-api-key: YOUR_API_KEY"

const response = await fetch("https://api.bridge.new/bridge/api/health", {
  method: "GET",
  headers: {
    "x-api-key": "YOUR_API_KEY",
  },
});

const data = await response.json();
console.log(data);

import requests

response = requests.get(
    "https://api.bridge.new/bridge/api/health",
    headers={"x-api-key": "YOUR_API_KEY"}
)

print(response.json())

Use the GET /bridge/api/health endpoint to verify that your API Key is valid and your connection is working correctly.

Security Best Practices

Use environment variables — Store your API Key in an environment variable (e.g. BRIDGE_API_KEY) instead of hardcoding it in your source code.
Never expose keys in client-side code — API Keys should only be used in server-side applications. Never include them in frontend code, mobile apps, or public repositories.
Set an expiration date — Always configure an expiration when creating a key. Avoid using keys without a defined expiry.
One key per application — Use a separate API Key for each service or application that connects to Bridge. This limits the impact if a key is compromised.
Rotate keys periodically — Create a new key and update your applications before deactivating the old one. This ensures zero downtime during rotation.

Troubleshooting

Error	Possible Cause	Solution
`401 Unauthorized`	Invalid, expired, or missing API Key	Verify that your key is correct, active, and included in the `x-api-key` header
`403 Forbidden`	The API Key does not have access to the requested resource	Check that your key has the necessary permissions for this endpoint
Cannot retrieve API Key	The key is only shown once at creation time	Generate a new API Key from the Admin Console

For a complete list of error codes, see the Error Codes reference.

Error Codes — Full reference of Bridge API error codes
REST API Reference — Explore all available endpoints
Webhooks — Set up real-time event notifications

​Overview

​Generating an API Key

​Using your API Key

​Security Best Practices

​Troubleshooting

​Related Topics

Overview

Generating an API Key

Using your API Key

Security Best Practices

Troubleshooting

Related Topics