Skip to main content

Overview

Every API request must include a Bearer token in the Authorization header. Your token is an API key created in your Alfred Black dashboard.

Getting your API key

  1. Go to your Alfred Black dashboard
  2. Navigate to Settings > API Keys
  3. Click Create and give it a descriptive name
  4. Copy the key immediately — it’s shown only once
API keys use the format alf_ followed by 32 hex characters: 
alf_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4

Making authenticated requests

Include the API key as a Bearer token in every request: 
curl https://alfred.black/api/v1/vault/context \
  -H "Authorization: Bearer alf_your_key_here"

Best practices

  • Store keys in environment variables — never hardcode them in source code 
    export ALFRED_API_KEY="alf_your_key_here"
curl https://alfred.black/api/v1/vault/context -H "Authorization: Bearer $ALFRED_API_KEY"
  • Rotate periodically — create a new key and revoke the old one every few months
  • Use descriptive names — name keys after their purpose so you know which to revoke
  • Revoke unused keys — clean up keys for integrations you no longer use

Error responses

Missing or invalid authentication returns a 401 status: 
{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Missing or malformed Authorization header"
  }
}

Testing authentication

Use the health endpoint to verify your credentials: 
curl https://alfred.black/api/v1/admin/health \
  -H "Authorization: Bearer alf_your_key_here"
A successful response confirms your API key is valid and your Alfred is reachable.

Next steps

Vault endpoints

Start with vault operations

Workers endpoints

Direct your specialists