Authentication
BLIPS API tokens are credential pairs. Each token consists of:
- clientId
- clientSecret

The pair maps into Basic Auth as follows:
- Basic Auth username = clientId
- Basic Auth password = clientSecret
clientSecret is only returned on token creation.
That means the token create flow is the one point where the full credential pair is revealed. Subsequent token list, detail, and revoke surfaces should be treated as management/readback operations and not as secret-retrieval surfaces.
In the current OpenAPI copy, this is defined as the BasicAuth security scheme and applied globally across the public contract.
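The clientId/clientSecret to Basic Auth mapping described above, as an added example that is not BLIPS code. The function names and sample credentials are constructed for illustration. It goes slightly beyond the page by covering two RFC 7617 details: the first colon separates the pair, and Base64 is reversible, so a logged header exposes clientSecret.

```python
import base64

# Constructed sample values, not real BLIPS credentials.
SAMPLE_CLIENT_ID = "blips-test-client"
SAMPLE_CLIENT_SECRET = "s3cret:with:colons"


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Build the Authorization value: clientId is the username, clientSecret the password."""
    if not client_id or not client_secret:
        raise ValueError("both clientId and clientSecret are required")
    # RFC 7617: the user-id cannot contain ':' because the first colon ends it.
    if ":" in client_id:
        raise ValueError("clientId must not contain ':'")
    pair = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(pair).decode("ascii")


def parse_basic_auth(header_value: str) -> tuple:
    """Recover (clientId, clientSecret) from an Authorization header value."""
    scheme, _, encoded = header_value.partition(" ")
    if scheme.lower() != "basic" or not encoded:
        raise ValueError("not a Basic Authorization header")
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("malformed Basic credentials") from exc
    # Split on the first colon only, so a secret containing ':' survives intact.
    client_id, sep, client_secret = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return client_id, client_secret


def redact_authorization(header_value: str) -> str:
    """Log-safe form of the header: keep the clientId, never the clientSecret."""
    try:
        client_id, _ = parse_basic_auth(header_value)
    except ValueError:
        return "[unparseable Authorization header]"
    return f"Basic {client_id}:[redacted]"


if __name__ == "__main__":
    header = basic_auth_header(SAMPLE_CLIENT_ID, SAMPLE_CLIENT_SECRET)
    print(redact_authorization(header))
```

Because the header decodes back to the full pair, send it only over TLS and pass it through a redaction step like the one above before it reaches request logs.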
What this means for Mintlify
Once the docs site is deployed through Mintlify:
- API Reference pages will show the authentication requirement automatically.
- Playground forms expose the corresponding Basic Auth input.
- Endpoint pages inherit the security requirement from the OpenAPI document unless an operation overrides it.
Public Test Environment
The current public docs and Try It surface are bound to the Public Test Backend at:
- Public Playground requests authenticate with platform tokens only.
- INTERNAL_API_KEY is operator-only and is never a public fallback.
- Public Test credentials should be treated as internet-testable credentials for the retained public API ring.
Auth-adjacent surfaces
The public API also includes token-management endpoints. Those routes are part of the authenticated API surface and should remain documented in the generated reference rather than being duplicated manually here. That means this page should explain:
- what a BLIPS API token actually is
- how clientId + clientSecret map into Basic Auth
- that clientSecret is only returned on token creation
- that current public Try It requests go to the Public Test Backend
- that public Playground auth uses platform tokens and not operator credentials