Base URL
All requests are made against a single host.Authentication
Every request must include anAuthorization header carrying a bearer token. Replace bp_xxxxxxxxx with the API key issued from your workspace settings.
Treat your API key like a password. Rotate it from the dashboard immediately if you suspect it has been exposed.
User-Agent
All API requests must include aUser-Agent header. Requests without this header are rejected with a 403. Most HTTP clients, every Byteport SDK, and the CLI set it automatically — if you are making raw HTTP requests, set it yourself:
Response codes
Byteport follows standard HTTP semantics. A successful request returns2xx; client errors return 4xx with a JSON body describing what went wrong.
| Code | Meaning |
|---|---|
200 | Request completed successfully. |
201 | Resource created successfully. |
202 | Request accepted; the operation is running asynchronously. |
204 | Request succeeded; no response body. |
400 | The request body or query parameters were invalid. |
401 | Missing or invalid API key. |
403 | The User-Agent header is missing, or the key lacks access. |
404 | The location or file referenced in the request was not found. |
429 | Rate limit exceeded — back off and retry. |
5xx | Byteport encountered an internal error. |
Rate limits
Rate limits are applied per API key. When you exceed the limit, Byteport returns429 Too Many Requests and a Retry-After header indicating when to try again. Long-running operations (Transfers, Preview) count as a single request regardless of how many files they touch.
Need higher limits?
Reach out and we’ll raise your quota.

