Authentication
flashbay supports two authentication methods: email/password for the web UI, and API keys for programmatic access.
Web UI login
Sign up or log in at flashbay.dev with your email and password. The web UI uses session cookies — no extra setup needed.
API keys
API keys are used by the CLI, Python SDK, CI/CD integrations, and direct API calls.
Creating a key
- Log in to flashbay.dev
- Go to API Keys in the sidebar
- Click Create Key and optionally add a label (e.g. "CI pipeline", "local dev")
- Copy the key immediately — it's shown once and cannot be retrieved later
You can also create keys via the API:
curl -X POST https://api.fbay.io/v1/auth/keys \
-H "Authorization: Bearer key_..." \
-H "Content-Type: application/json" \
-d '{"label": "my new key"}'WARNING
API keys require a paid tier. Free-tier users need to top up credits before creating keys.
Key format
Keys are prefixed with key_ followed by 48 hex characters:
key_a1b2c3d4e5f6...Keys are hashed (SHA-256) before storage — flashbay never stores your raw key.
Using a key
Set the FLASHBAY_API_KEY environment variable:
export FLASHBAY_API_KEY=key_...The CLI and Python SDK pick this up automatically. For direct API calls, pass it in the Authorization header:
curl https://api.fbay.io/v1/boards \
-H "Authorization: Bearer key_..."Managing keys
View and revoke keys from the API Keys page in the web UI, or via the API:
# List your keys
curl https://api.fbay.io/v1/auth/keys \
-H "Authorization: Bearer key_..."
# Revoke a key
curl -X DELETE https://api.fbay.io/v1/auth/keys/key_abc123 \
-H "Authorization: Bearer key_..."Keys cannot be renamed after creation. To change a label, revoke the key and create a new one.
Authentication order
When multiple credentials are present, flashbay checks in this order:
- Session cookie (web UI)
Authorization: Bearer key_...header