BGplus Docs
Dashboard

Authentication

Every request to the BGplus API must include a valid API token. Tokens are scoped per-project and can be found in your project dashboard under the General tab.

How It Works

1

Get Your Token

Copy your API token from the General tab in the dashboard.

2

Add a Header

Include the token in a request header using one of the supported formats.

3

Make Requests

All authenticated requests will be scoped to the project the token belongs to.

Supported Headers

Include your API token in one of the following request headers. We recommend using x-api-token.

  • x-api-token: your_api_tokenRecommended
  • Authorization: Bearer your_api_token
  • api-token: your_api_token

Header Reference

ParameterTypeDescription
x-api-tokenrequiredstringThe recommended way to authenticate. Pass your API token directly as the header value.
AuthorizationstringStandard HTTP authorization header. Must use the Bearer scheme followed by your token.
api-tokenstringLegacy alternative header. Works identically to x-api-token.
GET
https://bgplus.robbiee.com/api/v1/list

Headers

x-api-token: your_api_token

No request body required for this method.

Authentication Errors

If your token is missing, invalid, or has been reset, the API will return one of the following errors.

401

Missing Token

No API token was found in the request headers. Ensure one of the supported headers is present.

{ "error": "API token is required" }
401

Invalid Token

The provided token does not match any project. It may have been reset or is incorrect.

{ "error": "Invalid API token" }

Finding Your Token

  1. Navigate to your Dashboard.
  2. Select a project, then open the General tab.
  3. Your API token is displayed under the Authentication section.
  4. Click the icon to reveal it, then copy it using the copy button.

Tokens are hidden by default for security. Only users with the View API Token permission can see the token.

Resetting Your Token

If you believe your token has been compromised, you can reset it from the dashboard under General → Authentication → Reset Token.

Resetting your token immediately invalidates the old one. Any existing scripts, bots, or integrations using the previous token will stop working until updated with the new token.

Security Best Practices

Keep tokens secret

Never share your API token publicly — in screenshots, repositories, or Discord messages.

Use server-side requests

Never expose your token in client-side / browser JavaScript. Always call the API from a backend or bot.

Rotate regularly

Periodically reset your token from the dashboard to minimize the impact of accidental exposure.

One token per project

Each project has its own token. Actions are scoped to that project — tokens cannot access other projects.

BotGhost Integration

In BotGhost, use the Send an API Request block. Add a header with key x-api-token and paste your token as the value. Set the Method to match the endpoint you are calling (e.g. POST for create, GET for list).

For detailed endpoint examples, see the Create, List, Edit, and Delete endpoint documentation.

Previous

Introduction

Next

Discord Bot