Bono API Authentication

Bearer tokens with scoped permissions

Authenticate with Authorization: Bearer bono_live_… or X-API-Key. Keys carry a subset of the scopes your account has been approved for: profile:read, pages:read, posts:read, posts:write, generate:* (blog/linkedin/twitter/carousel/video), publish:* (linkedin/twitter), and webhooks:manage.

Rate limits and errors

Per-key rate limits: 60 rpm for reads, 10 rpm for generation, 5 rpm for publish, 30 rpm for webhooks management. Errors return a JSON body with error.code and error.message — common codes include missing_api_key, invalid_api_key, missing_scope, insufficient_credits, and rate_limited.