BuzoREST API
Authentication
All Buzo API requests require a Bearer API key in the Authorization header. Keys are scoped; the sdk scope is what the SDK ingest endpoints expect.
Header
HTTP
Authorization: Bearer ak_live_…Keys
- Keys start with
ak_live_. They are displayed once at creation and can be regenerated from the dashboard at any time. - Rotate keys on a schedule. Revoked keys stop being accepted within seconds.
- Create a key at app.buzoai.com under Settings → SDK Keys.
Scopes
Keys are issued with a scope that determines which endpoints they can reach.
| Scope | Grants |
|---|---|
sdk | /v1/retrieval-traces, /v1/generation-traces, and read-only access to collections / fragments for SDK helpers. |
mcp | Full MCP proxy access (upsert, query, delete, list). Not for SDK use. |
ci | Scan-only key for CI pipelines. Not for SDK use. |
Failure cases
| Status | Meaning |
|---|---|
401 Unauthorized | Missing or malformed header / invalid key. |
403 Forbidden | Key is valid but the scope does not permit this endpoint. |
429 Too Many Requests | Rate limit. Retry after the Retry-After seconds. |