My Profile
Sign Out
Tickets
Knowledge Base
Login
Articles in this section
Category / Section
  2. Rest APIs & Webhooks
  3. Rest API Guide

Generate and Manage API Keys in BoldDesk

Updated:

This guide explains how to generate an API key directly from the BoldDesk agent interface. API keys are used to authenticate requests to the BoldDesk API and are managed entirely within your BoldDesk account.



Check out this video tutorial for more details.

API Key Location in the BoldDesk Agent Interface

Navigation path:

Agent ProfileView profile & SettingsAPI Keys

API Key.png

Ensure the “Manage API Keys” permission is enabled in your profile. If this permission is not granted, attempting to create an API key after entering the Identification Name will result in an “Access Denied” error.

Role and Permission
Navigation Path:
AdminsRole & Permission

Role and Permission.png

Step-by-Step: Create an API Key in BoldDesk

Follow these steps exactly as shown in the BoldDesk UI.

1: Open Personal Settings

  • Sign in to your BoldDesk agent account.

  • Click your profile avatar.

  • Select View profile & Settings.

    View profile & settings.png

2: Go to the API Keys Tab

  • In Personal Settings, open the API Keys tab.

  • Click Create API Key.

    Create API Key.png

3: Enter an Identification Name

  • In the Create API Key dialog:

    • Enter an Identification Name.

  • Click Create.

    Enter an Identification Name.png

4: Copy and Secure the API Token

  • Copy the generated API Key Token immediately.

  • Store it securely.

    Copy API Token.png

Using the BoldDesk API Key

When making API requests to BoldDesk:

  • Pass the API key token in the HTTP request header.
  • Authentication is handled natively by the BoldDesk API.

For endpoint usage, explore further instructions about Developer API.

Managing Existing API Keys in BoldDesk

From Personal Settings → API Keys, agents can manage all previously created API keys using the built‑in API key table.

Available API Key Controls

Within the API Keys tab, BoldDesk displays the following columns:

  • Name – The Identification Name assigned during creation

  • Created Date – Timestamp showing when the API key was generated

  • Status – Current state of the key (for example, Enabled)

  • Action – Management options for each API key

    Existing API Keys.png

Supported Actions
Agents can perform the following actions directly from the Action column:

  • Disable
    Temporarily deactivates the API key without deleting it. Disabled keys cannot be used for API authentication.

    Disable.png

  • Revoke
    Permanently invalidates the API key. Revoked keys cannot be restored and must be recreated if needed again.

    Revoke.png

How to Resolve the “Access Denied” Error in the BoldDesk API

An “Access Denied” error (HTTP 401 or 403) indicates that BoldDesk rejected the API request due to authentication or permission issues. Use the checks below to identify and resolve the problem.

1: Verify the API Key Header
Ensure the API request includes the required header:

  • Header name: x-api-key
  • Value: Your active BoldDesk API key token
  • The header name must match exactly (case‑sensitive).

Missing or incorrectly named headers will result in a 401 error.

2: Confirm the API Key Is Active
In Personal Settings → API Keys:

  • Verify the API key Status is Enabled
  • Ensure the key has not been revoked
  • Confirm the key belongs to an active agent account

Disabled or revoked keys are immediately rejected by the BoldDesk API.

3: Check Agent Role Permissions
API access is limited by the agent’s role permissions.

From Admin SettingsRoles & Permission:

Confirm the agent’s role has access to the module you are calling, such as:

  • Tickets
  • Contacts
  • Knowledge Base

If the role does not include the required module, BoldDesk returns a 403 error even with a valid API key.

4: Validate the BoldDesk Domain in the Request URL
Ensure the request URL uses your correct BoldDesk domain:

https://{your-domain}.bolddesk.com

Frequently Asked Questions (BoldDesk Only)

1. Can I view an API key again after closing the dialog?
No. BoldDesk does not allow API tokens to be viewed again. You must create a new API key if the original token is lost.

2. Can API keys be edited after creation?
No. The Identification Name and token cannot be edited. You can only revoke the key and create a new one.

3. Are API keys managed in Admin Settings?
No. API keys are created and managed at the agent level under Personal Settings → API Keys. Admin Settings do not provide direct API key creation.

4. Does BoldDesk support API key expiration dates?
No. API keys do not expire automatically. Manual revocation is required to disable a key.

5. Can API keys be generated from the Help Center?
No. API keys can only be generated from the agent interface, not from the Help Center or end-user portals.

Related Articles

  1. BoldDesk Rest API guide for developers
  2. BoldDesk API Authentication Guide: Secure Access Made Simple
  3. How to Use Swagger UI to Test the BoldDesk REST API
Attachments
Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
Comments (0)
Access denied
Access denied