Authentication

Secure your API requests with BringSkills authentication.

Overview

BringSkills uses API tokens for authentication. Each token is a unique identifier that grants access to your account's resources and purchased skills.

Token Format

All BringSkills API tokens start with sk-bring- followed by 32 random characters.

Creating API Tokens

Via Dashboard

Navigate to Dashboard → API Tokens
Click Create Token
Enter a descriptive name (e.g., "Production Server", "Claude Code")
Optionally select an AI agent for optimized skill formatting
Click Create and copy your token immediately

Via API

Create a new token

bash

curl -X POST https://api.bringskills.com/api/v1/api-keys \
  -H "Authorization: Bearer YOUR_EXISTING_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "My New Token",
    "agent_type": "openclaw"
  }'

Response

json

{
  "id": "uuid-string",
  "name": "My New Token",
  "key": "sk-bring-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "key_prefix": "sk-bring-xxxx...",
  "agent_type": "openclaw",
  "created_at": "2026-03-13T00:00:00Z",
  "expires_at": null,
  "warning": "请立即保存此令牌，它不会再次显示！"
}

Using API Tokens

Include your API token in the Authorization header of every request:

Authorization: Bearer sk-bring-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Example Request

curl https://api.bringskills.com/api/v1/skills \
  -H "Authorization: Bearer sk-bring-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

In Different Languages

Python

python

import requests

headers = {
    "Authorization": "Bearer sk-bring-xxx"
}

response = requests.get(
    "https://api.bringskills.com/api/v1/skills",
    headers=headers
)

JavaScript / Node.js

javascript

const response = await fetch('https://api.bringskills.com/api/v1/skills', {
  headers: {
    'Authorization': 'Bearer sk-bring-xxx'
  }
});

const data = await response.json();

Agent Hints

When creating a token, you can specify an agent hint to optimize skill output formatting for your specific AI agent.

Agent Hint	Description
`openclaw`	OpenClaw / Pi agent
`claude-code`	Anthropic Claude Code
`cursor`	Cursor IDE
`codex`	OpenAI Codex
`windsurf`	Codeium Windsurf
`github-copilot`	GitHub Copilot
`amazon-q`	Amazon Q Developer
`aider`	Aider CLI
`cody`	Sourcegraph Cody
`tabnine`	Tabnine
`jetbrains-ai`	JetBrains AI Assistant
`replit-ai`	Replit AI
`generic`	Generic / Other

Note: If no agent hint is provided, BringSkills will automatically detect your agent based on request headers and User-Agent.

Security Best Practices

Never expose tokens in client-side code

API tokens should only be used in server-side code or secure environments. Never include them in frontend JavaScript or mobile apps.

Use environment variables

Store tokens in environment variables (e.g., BRINGSKILLS_API_TOKEN) rather than hardcoding them in your source code.

Rotate tokens regularly

Create new tokens periodically and delete old ones. This limits the impact if a token is compromised.

Use descriptive names

Name your tokens based on their use case (e.g., 'Production API', 'Development Testing') to easily identify and manage them.

Token Management

List All Tokens

curl https://api.bringskills.com/api/v1/api-keys \
  -H "Authorization: Bearer sk-bring-xxx"

Delete a Token

curl -X DELETE https://api.bringskills.com/api/v1/api-keys/tok_abc123 \
  -H "Authorization: Bearer sk-bring-xxx"

Caution

Deleting a token is immediate and irreversible. Any applications using that token will immediately lose access.

Quickstart Skills API

Back to Documentation