Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.barker.money/llms.txt

Use this file to discover all available pages before exploring further.

API key format

bk_<env>_<random>
   ^^^^   ^^^^^^^
   |      32 base62 chars (high entropy)
   sandbox | live
  • bk_test_ — sandbox key, hits https://api-test.barker.money
  • bk_live_ — production key, hits https://api.barker.money
Every request must include: 
X-Api-Key: bk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Missing or invalid key → 401 Unauthorized.

Rotation & revocation

In Portal → API Keys you can:
  • Create a new key (returned once in plaintext, then only the prefix is visible)
  • Revoke any key (immediate, no grace period)
  • View last_used_at and last_used_ip for each key
Best practice: rotate production keys every 90 days. Both old and new can be active during cutover.

Storage on our side

Your plaintext key is never stored. We store:
  • key_hash: bcrypt hash of the full key
  • key_prefix: first 12 chars for UI/audit (e.g. bk_live_a3F2)
This means we cannot recover a lost key — you must rotate.