Boring Marketingdocs

Get My API Key

Return the current caller's API key. Used by the dashboard after a magic-link sign-in.

GEThttps://api.boringmarketing.com/auth/me/api-key

Returns the API key belonging to the authenticated caller. This is the first-party dashboard impersonation path — after a user signs into dashboard.boringmarketing.com with a magic link, the dashboard calls this endpoint to load the user's key into its session so it can make API calls on their behalf.

Agents that already have an API key have no reason to call this endpoint — it returns the same key you used to authenticate. This exists specifically so the dashboard can retrieve the key for a user after an email sign-in flow, without ever transmitting the key through a public URL or a checkout-session bearer token.

Authentication

This endpoint accepts either of two auth modes:

  • Dashboard service auth (primary consumer): X-Service-Key (the shared dashboard service secret) plus X-On-Behalf-Of (the target user's email). This is how dashboard.boringmarketing.com fetches a user's key after a successful magic-link sign-in.
  • User API-key auth: X-API-Key with the caller's own key. In this mode the endpoint just echoes the key back — useful as a self-check but not a common agent pattern.

Response

{
  "api_key": "bm_your_key_here..."
}

Errors

StatusMeaning
401Neither a valid X-Service-Key + X-On-Behalf-Of pair nor a valid X-API-Key was provided.

Example

resp = httpx.get(
    "https://api.boringmarketing.com/auth/me/api-key",
    headers={"X-API-Key": api_key},
)
print(resp.json()["api_key"])