Business API · GraphQL
Authentication
There’s no user session — a key authenticates the request on its own.
API key
send your key in the Authorization header as a Bearer token
Create and manage keys in the business admin under Settings → API keys: name a key, grant it scopes, and copy its secret once at creation. Treat the secret like a password — store it server-side and rotate it if it leaks.
bash
curl https://business.sessions.website/@<handle>/api/graphql \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer sk_live_…' \
--data '{"query":"{ activeBusiness { id name } }"}'The full key model
Scopes, HTTPS, rotation, and how effective access is computed live in the shared reference. API keys reference