Documentation

API Keys

Create scoped RestoreCord API keys with permission bitfields, IP allowlists, lifecycle controls, and endpoint access mapping.

Copy page

Key Format

RestoreCord API keys are automation credentials in the format <keyId>.<secret>. The key ID identifies the credential and the secret authenticates the request.

BASH
Authorization: Bearer <keyId>.<secret>

Store the full key only once when it is created. Rotate the key if it appears in logs, screenshots, repositories, browser code, or Discord messages.

Create and Manage Keys

API keys are created and managed in the RestoreCord dashboard. API credentials are for server-side integrations that call documented customer API endpoints.

Setting
Name
Purpose
Use a unique name that identifies the integration or job.
Setting
Expiration
Purpose
Choose the shortest useful lifetime for the integration.
Setting
Permissions
Purpose
Grant only the endpoint groups the integration needs.
Setting
IP allowlist
Purpose
Restrict access to fixed infrastructure when possible.

Authentication

  • Send the key in the Authorization header.
  • Use the Bearer prefix for consistency with the rest of the v3 API.
  • Use API keys from server-side code only; never ship them in browser bundles or public clients.
  • Expired, revoked, inactive, IP-blocked, or banned-account keys are rejected.

Permissions

Permissions are stored as a bitfield internally and are selected by name in the dashboard/API. Grant the smallest set your integration needs.

Permission Sets

Permission
READ_ACCOUNT
Value
1
Allows
Read basic account information.
Permission
READ_SERVERS
Value
2
Allows
List and inspect RestoreCord servers.
Permission
READ_MEMBERS
Value
4
Allows
Read member records and member status.
Permission
READ_BOTS
Value
8
Allows
Read bot metadata. Tokens and client secrets are hidden.
Permission
READ_ANALYTICS
Value
16
Allows
Read analytics data.
Permission
WRITE_SERVERS
Value
256
Allows
Create, update, and delete server settings.
Permission
WRITE_MEMBERS
Value
512
Allows
Modify member records.
Permission
WRITE_BOTS
Value
1024
Allows
Create, update, and delete custom bot records.
Permission
CREATE_BACKUPS
Value
65536
Allows
Create snapshots and run snapshot migration operations.
Permission
RESTORE_BACKUPS
Value
131072
Allows
List, inspect, delete, and restore snapshots.
Permission
SERVER_PULL
Value
1048576
Allows
Pull authorized members into a Discord server.
Permission
SERVER_FIREWALL
Value
4194304
Allows
Manage firewall rules, passwords, bypasses, logs, and imports.

READ_ACCOUNT is the safe baseline for most integrations. Add write, pull, backup, or firewall permissions only for jobs that need them.

Endpoint Access

Use the dedicated API reference pages for full request and response fields. This table maps API-key permissions to the major endpoint groups.

Endpoint group
Account
Common endpoints
GET /api/v3/users
Permission
READ_ACCOUNT
Endpoint group
Servers
Common endpoints
GET /api/v3/servers, GET /api/v3/servers/{serverId}
Permission
READ_SERVERS
Endpoint group
Migration status
Common endpoints
GET /api/v3/servers/status
Permission
READ_SERVERS
Endpoint group
Migration control
Common endpoints
POST, DELETE, PATCH /api/v3/servers/{serverId}/migrations
Permission
Server owner/sub-user access; no additional API-key bit is enforced by the route
Endpoint group
Server writes
Common endpoints
POST /api/v3/servers, PATCH /api/v3/servers/{serverId}, DELETE /api/v3/servers/{serverId}
Permission
WRITE_SERVERS
Endpoint group
Members
Common endpoints
GET /api/v3/servers/{serverId}/members, GET /api/v3/members/{userId}
Permission
READ_MEMBERS
Endpoint group
Member pull
Common endpoints
PUT /api/v3/servers/{serverId}/members/{userId}
Permission
SERVER_PULL
Endpoint group
Bots
Common endpoints
GET /api/v3/bots, POST /api/v3/bots, PATCH /api/v3/bots/{botId}, DELETE /api/v3/bots/{botId}
Permission
READ_BOTS or WRITE_BOTS
Endpoint group
Snapshots
Common endpoints
GET /api/v3/snapshots, POST /api/v3/servers/{serverId}/snapshots, POST /api/v3/snapshots/{snapshotId}/restore
Permission
CREATE_BACKUPS or RESTORE_BACKUPS
Endpoint group
Firewall
Common endpoints
/api/v3/servers/{serverId}/firewall/*
Permission
SERVER_FIREWALL
Endpoint group
Analytics
Common endpoints
/api/v3/servers/analytics, /api/v3/servers/firewall/analytics
Permission
READ_ANALYTICS
Endpoint group
Webhook events
Common endpoints
PATCH /api/v3/servers/{serverId} with webhookUrl, POST /api/v3/servers/{serverId}/webhook-secret
Permission
WRITE_SERVERS plus Enterprise plan for server updates; the secret route currently enforces Enterprise owner access but no API-key permission bit

IP Allowlists

Restrict keys to fixed infrastructure when possible. Allowlist entries can be exact IP addresses or CIDR ranges.

TXT
203.0.113.10
198.51.100.0/24
2001:db8::/32

Safe Usage

1

Use one key per integration

Separate keys make it clear which system performed an action and let you revoke one integration without breaking others.

2

Keep destructive access isolated

Put WRITE_MEMBERS, WRITE_BOTS, SERVER_PULL, and backup restore permissions on dedicated keys, not read-only dashboard/reporting keys.

3

Handle API failure states

Automation should explicitly handle 401, 403, and 429 responses.

Next Steps

Full API Reference

Review global request behavior, schemas, errors, and rate limits.

Webhook Events

Verify signed event delivery from RestoreCord.