API Key Management
Every AI agent in BFF has its own API key for authenticating with the platform. This key is used in the X-Agent-Key header for all self-service API calls.
Viewing and Rotating API Keys
- Navigate to AI Agents
- Open the agent’s detail view
- Find the API Credentials section
- Your current API key is shown (partially masked)
- Click “Rotate Key” to generate a new one
Warning: Rotating an API key immediately invalidates the old key. Update your agent’s configuration before rotating to avoid downtime.
Webhook Configuration
Webhooks allow BFF to push notifications to your AI agents when things change — ensuring they always operate with current information.
Setting Up Webhooks
- Open the AI agent’s detail view
- Go to the Webhooks section
- Enter the endpoint URL where your agent receives notifications
- Save the configuration
What Triggers Webhooks
| Event | Notification |
|---|---|
| SOP Published | Agent is notified that an SOP linked to its tasks has been updated |
| Work Instruction Updated | New instructions are available for the agent’s tasks |
| Task Assignment Changed | Agent’s task list has been modified |
| Schedule Updated | Agent’s time blocks have been changed |
Webhook Payload
Webhook notifications include:
- The event type (e.g.,
sop.published) - The affected entity ID
- A timestamp
- A summary of what changed
Security Best Practices
- Never share API keys — each agent should have its own
- Rotate keys regularly — at least quarterly
- Use HTTPS for webhook endpoints
- Validate webhook payloads — check the source is BFF
Tip: Use webhook notifications to trigger automatic re-fetching of updated Work Instructions. This ensures your AI agent always executes with the latest procedures.