Core Concepts

Understanding the fundamental concepts of the BevorAI API will help you build effective security integrations and workflows.

Authentication & API Keys

All API endpoints require authentication using Bearer tokens. Include your API key in the Authorization header:
Authorization: Bearer YOUR_API_KEY

API Key Management

  • Creation & Refresh: API keys can be created and refreshed through the BevorAI Dashboard
  • Team Scoping: API keys are scoped to specific teams, ensuring proper access control
  • Permission Scopes: API keys have their own scopes, allowing you to create read-only keys for different environments
  • Security: Never share API keys in public repositories or client-side code
  • User-Specific: API keys are technically scoped to the user who created them. This is fine for most use cases, but you might lose granularity in billing and activities.

API Key Scopes

API keys support different permission levels to match your security requirements:
  • Full Access: Complete read and write access to all team resources
  • Read-Only: View-only access to projects, code versions, and audit results
  • Custom Scopes: Granular permissions for specific operations or resources
Use read-only API keys in production environments or CI/CD pipelines where you only need to retrieve audit results and don’t require write access to create new resources.
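An added example, not taken from the BevorAI documentation, of how a CI job can attach the Bearer header without the key ever appearing in the repository or in build logs. The environment variable name and the URL are assumptions; use the values from your dashboard and the API reference.

```python
import os
import urllib.request
from urllib.parse import urlsplit

# Assumptions, not from the BevorAI docs: the variable name and URL below.
API_KEY_ENV = "BEVORAI_API_KEY"                          # hypothetical name
EXAMPLE_URL = "https://api.example.invalid/placeholder"  # placeholder URL


def load_api_key(env=os.environ):
    """Read the key from the environment; fail closed if it is missing."""
    key = env.get(API_KEY_ENV, "").strip()
    if not key:
        raise RuntimeError(f"{API_KEY_ENV} is not set")
    if any(c.isspace() for c in key):
        raise ValueError("API key contains whitespace; check the stored secret")
    return key


def build_request(url, api_key, method="GET"):
    """Build a request carrying the Bearer token, over HTTPS only."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send a Bearer token over non-HTTPS")
    req = urllib.request.Request(url, method=method)
    req.add_header("Authorization", f"Bearer {api_key}")
    req.add_header("Accept", "application/json")
    return req


def redacted_headers(req):
    """Return headers that are safe to log: the token is masked."""
    safe = {}
    for name, value in req.header_items():
        if name.lower() == "authorization":
            value = value.split(" ", 1)[0] + " ****"
        safe[name] = value
    return safe


if __name__ == "__main__":
    # Constructed sample key so the example runs offline; nothing is sent.
    key = load_api_key({API_KEY_ENV: "constructed-sample-key"})
    req = build_request(EXAMPLE_URL, key)
    print(req.get_method(), req.full_url, redacted_headers(req))
```

Store the key as a masked CI secret and pass the request to `urllib.request.urlopen` only after `build_request` succeeds.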

Get Your API Key

Create and manage API keys in the dashboard

Teams

Teams are the top-level organizational unit in BevorAI:
  • Access Control: API keys are scoped to teams, controlling which resources you can access
  • Management: Creating and updating teams is only accessible via the BevorAI Dashboard
  • Collaboration: Teams enable multiple users to collaborate on security projects
Team management operations (create, update, delete) are not available through the API. Use the dashboard for team administration.

Projects

Projects are generic containers for logical separation of code and security work:
  • Organization: Use projects to group related contract repositories, code iterations, or security assessments
  • Flexibility: Projects can represent different applications, protocols, or development phases
  • Tracking: All audits and scans within a project are grouped together for easy management
  • GitHub: By default, each GitHub repository becomes its own project once linked

Project Use Cases

  • Contract Development: Track all scans for a specific smart contract
  • Protocol Iterations: Monitor security across different versions of your protocol
  • Feature Development: Separate security assessments for different features or modules

Code Versions

Code versions represent specific iterations or snapshots of your codebase:
  • Versioning: Track different versions of your smart contracts or applications
  • Analysis Tracking: Each code version can have multiple analyses associated with it
  • Iteration Management: Compare security findings across different code versions
  • GitHub: With our GitHub integration, each commit generates a new code version and associates it with the parent version

Analyses

Analyses are security assessments performed on your code versions:
  • Non-Deterministic: Analyses may produce different results on subsequent runs
  • Iterative: Each analysis can be iterated on either manually or automatically via our chat interface for arbitration
  • Inheritance: If analyses are built upon prior versions, information is retained if we detect no changes in relevant segments of the underlying code
  • AI-Powered: Leverages advanced AI models for thorough security analysis

Audit Best Practices

  • Regular Scanning: Schedule analyses at key development milestones
  • Comparison: Compare analysis results across different code versions to track security improvements
  • Triage: Triage with your team, and our internal AI-automated systems, for optimal results

Workflow Example

Here’s a typical workflow using these concepts:
  1. Team Setup: Create a team in the dashboard for your organization
  2. API Key: Generate an API key scoped to your team
  3. Project Creation: Create a project for your smart contract development
  4. Code Version: Create a code version for each major iteration
  5. Question Answering: Use our chat interface to help you onboard to the codebase if it’s unfamiliar to you
  6. Analysis: Generate your initial security analysis using our automated tooling
  7. Triage: Take the initial findings and triage in our chat interface to curate your findings, and produce new ones
  8. Collaborate: Link your findings with your team members, fork their analyses, and iterate

Interactive API Documentation

Explore endpoints, parameters, and examples

Integration Types

MCP Integration & Co-Piloting

Interactive, continuous engagement through Model Context Protocol integrations with IDEs like Cursor and Windsurf.

CI/CD

Continuous reporting and team insights integrated into your development pipeline.

API

Custom workflows and integrations for specialized use cases and protocol-specific needs.

Dashboard

In-depth insights and automation through the BevorAI dashboard.

Block Explorer Scanning

Autonomous detection pre/post deployment across major blockchain networks.

Multi-Agent Triaging (A2A)

Risk profiling and orchestration for complex security scenarios.

On-Premises Deployment

Enterprise on-premises deployment is coming soon. For early access and custom deployment options, contact our sales team at [email protected].