Introduction

The Bodek API gives you one base URL for every service. Each service has its own per-service key, created in the developer console.

Base URL   https://dev.bodek.us/v1/<service>/…
Services   files · forms · iam

Authentication

Send your key as a bearer token on every request:

Authorization: Bearer bf_live_AbCdEfGhIjKlMnOpQrStUvWxYz123456

A key is bound to exactly one service and cannot call another. Create keys, set scopes and origins, and revoke them in the console. Test keys (bf_test_…) behave identically but are easy to tell apart in logs.

Response format

Successful responses wrap the payload in data, with optional meta for pagination:

{
  "data": [ … ],
  "meta": { "limit": 25, "offset": 0, "total": 134 }
}

Errors carry a stable machine code and a human message:

{
  "error": { "code": "insufficient_scope", "message": "This key needs the scope: forms.submit" }
}

Response headers

Every response includes X-Request-Id (quote it in bug reports) and X-RateLimit-* counters.

Error codes

Scopes & services

Rate limits

Each key has a per-minute and per-day cap (set when you create it). Responses carry X-RateLimit-Remaining-Minute / -Day; exceeding a cap returns 429.

Origin restrictions

Keys can be locked to any origin, a list of domains (for browser/publishable keys), or server-only. Domain and server restrictions are enforced through the gateway. IP-locked keys should call the service backend directly rather than the gateway.

Migrating from file.bodeksolutions.com

Existing Files API keys keep working. Swap the base URL — https://file.bodeksolutions.com/api/v1 → https://dev.bodek.us/v1/files — and leave every resource path (/files, /folders, /shares/{id}) unchanged.