Create and manage API keys

API keys (also called personal access tokens) let your own scripts and tools talk to the Backvera API – to list sites, trigger backups, start restores, and more – without signing in through the dashboard.

Create a key

  1. Open Settings and go to the API keys tab.
  2. Click Create, give the key a name so you can recognise it later, and choose when it should expire – 7, 30, 90, or 180 days, or never.
  3. Copy the key and store it somewhere safe.

You only see the key once. Backvera shows the full key right after you create it and never again – only a short prefix (like bv_pat_aB3x...) is kept so you can identify it in the list. If you lose it, revoke it and create a new one.

What a key can do

A key acts as you. It carries your account’s permissions across every workspace you belong to, so it can do anything you can do in the dashboard, subject to your role. There are no separate read-only or per-site key scopes today.

For safety, a key cannot be used for credential or security actions: it cannot create or revoke API keys, change your password, change two-factor settings, or delete your account. Those always require an interactive sign-in.

Use a key

Send the key as a Bearer token in the Authorization header. The API base URL is https://api.backvera.com/v1.

curl https://api.backvera.com/v1/sites \
  -H "Authorization: Bearer bv_pat_your_key_here"

The full endpoint reference – sites, backups, restores, downloads, reports, and more – lives at https://backvera.com/api-reference/. A revoked, expired, or unknown key returns 401 Unauthorized.

Revoke or rotate a key

On the API keys tab, Revoke a key to disable it immediately – anything still using it stops working at once. There is no rotate button: to rotate, create a new key, switch your tool over to it, then revoke the old one. Revoked keys stay listed for your reference.

Keep your keys safe

  • Treat a key like a password – anyone who has it can act as you. Never commit it to code or paste it where others can see it.
  • Store keys in a secrets manager or an environment variable, not in a file in your repository.
  • Use a separate key per tool or integration, with a short expiry, so you can revoke one without breaking the others.
  • Revoke keys you no longer use. If a key leaks, revoke it right away and create a new one.

Still need help? Email our team at [email protected].

Was this article helpful?