Authentication

All REST API requests require a Bearer token in the Authorization header.

Getting a Token

Generate API keys in the StreamBot dashboard: Settings > API Keys > Create Key.

Token Types

Type  Prefix    Behavior
Live  sb_live_  Events are delivered to the live overlay
Test  sb_test_  Events are accepted but not delivered (for development)

Using Your Token

cURL:

curl -X POST https://api.streambot.co/v1/features/sbcanvas/events/ch_abc123 \
  -H "Authorization: Bearer sb_live_xxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"event": "custom:confetti", "data": {"count": 200}}'

JavaScript:

await fetch('https://api.streambot.co/v1/features/sbcanvas/events/ch_abc123', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer sb_live_xxxxxxxxxxxx',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ event: 'custom:confetti', data: { count: 200 } })
});

Python:

import requests

requests.post(
    "https://api.streambot.co/v1/features/sbcanvas/events/ch_abc123",
    headers={"Authorization": "Bearer sb_live_xxxxxxxxxxxx"},
    json={"event": "custom:confetti", "data": {"count": 200}}
)

Token Security

  • Never expose tokens in client-side code or public repositories
  • Use sb_test_ tokens during development
  • Store tokens in environment variables or secret managers
  • Rotate tokens periodically via the dashboard
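
One way to enforce the first three rules in code, as an added example (not StreamBot's own code): a scanner that flags hard-coded sb_live_/sb_test_ tokens before they reach a repository, and a loader that reads the token from the environment and refuses live tokens unless explicitly allowed. The variable name STREAMBOT_TOKEN, the token body format and the sample text are assumptions made for this example.

```python
import os
import re

# Assumption: the token body is 8+ characters of [A-Za-z0-9];
# the page documents only the sb_live_ / sb_test_ prefixes.
TOKEN_RE = re.compile(r"\bsb_(live|test)_([A-Za-z0-9]{8,})\b")

# Constructed sample of a source file; the token values are made up.
SAMPLE = '''\
API = "https://api.streambot.co/v1"
headers = {"Authorization": "Bearer sb_live_Zt4kQ9mB2rLx"}
# docs placeholder: sb_live_xxxxxxxxxxxx
DEV_TOKEN = "sb_test_A1b2C3d4E5f6"
'''


def redact(token):
    """Keep the 8-character prefix and last 4 characters so reports carry no usable token."""
    return token[:8] + "..." + token[-4:]


def find_tokens(text):
    """Return (line_number, kind, redacted_token) for each hard-coded token."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in TOKEN_RE.finditer(line):
            if set(m.group(2)) == {"x"}:  # placeholder such as sb_live_xxxxxxxxxxxx
                continue
            hits.append((lineno, m.group(1), redact(m.group(0))))
    return hits


def load_token(environ=os.environ, allow_live=False):
    """Read the token from STREAMBOT_TOKEN (hypothetical variable name)."""
    token = environ.get("STREAMBOT_TOKEN", "")
    m = TOKEN_RE.fullmatch(token)
    if not m:
        raise ValueError("STREAMBOT_TOKEN is missing or not an sb_live_/sb_test_ token")
    if m.group(1) == "live" and not allow_live:
        raise PermissionError("live token refused in development: " + redact(token))
    return token


if __name__ == "__main__":
    for hit in find_tokens(SAMPLE):
        print(hit)
```

Run find_tokens over staged files in a pre-commit hook and fail the commit on any hit; a test-token hit is still worth fixing, since it shows the value was hard-coded rather than read from the environment.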

Revoking Tokens

Revoke compromised tokens from Settings > API Keys > Revoke. Revoked tokens immediately return 401 Unauthorized on all requests.

Error Responses

Status  Meaning
401     Missing Authorization header or invalid token
403     Token is valid but lacks permission for this action