Skip to content

Business API · GraphQL

Authentication

There’s no user session — a key authenticates the request on its own.

API key

send your key in the Authorization header as a Bearer token

Create and manage keys in the business admin under Settings → API keys: name a key, grant it scopes, and copy its secret once at creation. Treat the secret like a password — store it server-side and rotate it if it leaks.

bash
curl https://business.sessions.website/@<handle>/api/graphql \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer sk_live_…' \
  --data '{"query":"{ activeBusiness { id name } }"}'
The full key model
Scopes, HTTPS, rotation, and how effective access is computed live in the shared reference. API keys reference