Skip to main content
Bulkgrid uses API key authentication on every current endpoint.

Send the API key in x-api-key

curl https://your-bulkgrid-base-url/api/v1/search \
  -H 'Content-Type: application/json' \
  -H 'x-api-key: bg_live_your_api_key' \
  -d '{"query":"release notes"}'

export BULKGRID_API_KEY='bg_live_your_api_key'
export BULKGRID_BASE_URL='https://your-bulkgrid-base-url'

What to avoid

  • Do not expose Bulkgrid API keys in browser code.
  • Do not treat the key as a bearer token.
  • Do not assume proxies preserve custom headers unless you control that path.

Common failures

401 Unauthorized

This usually means the x-api-key header is missing, malformed, or invalid. Example error shape: 
{
  "error": "Unauthorized"
}

Requests work locally but fail in production

Check these first:
  • the deployed service is using the right environment variables
  • the request is being sent to the correct Bulkgrid base URL
  • no gateway, CDN, or proxy is stripping x-api-key
Call Bulkgrid from your backend or worker layer, not directly from the browser.