API keys and developer access

Last updated: April 17, 2026

BetterReviews has a REST API that lets you manage reviews, send review requests, and configure settings programmatically. To use it, you need an API key. This page covers how to create one, what scopes to pick, and how to keep your keys secure.

Most merchants won’t need an API key — if you’re collecting reviews through the BetterReviews admin and displaying them on your widget, everything works without one. API keys are for:

  • AI agents — giving a tool like the BetterReviews Claude Code skill access to your store
  • Custom integrations — internal tools, dashboards, or automations you’ve built
  • Third-party automation — Zapier, Make, n8n, or similar platforms

Creating an API key

  1. Open the BetterReviews admin
  2. Go to Settings → Developer
  3. Click Create token

In the modal that appears:

  • Name — a label for the token (e.g. “Zapier”, “internal ops dashboard”). It’s only visible to you and helps you identify what each token is for later.
  • Scopes — pick one:
    • Read & Write (default) — full access to manage reviews, settings, and review requests
    • Read only — can list reviews, stats, and settings but can’t create, approve, or delete anything

Click Create. The token is generated.

Important: copy the token now

The token is only shown once. We don’t store the full value — just a hash used to verify requests. If you close the modal without copying, you’ll need to create a new token.

We show the token in a highlighted field with a Copy button. Click copy, paste into wherever you need it (password manager, Zapier config, etc.), and only then close the modal.

Using the token

Every API request sends your token in the Authorization header, using the Bearer scheme:

curl https://api.betterreviews.app/api/v1/reviews \
  -H "Authorization: Bearer ppo_YOUR_TOKEN"

See the API reference for every available endpoint.

Token format and security

  • Tokens are prefixed with ppo_ so they’re easy to recognize in logs or config files
  • Each token is scoped to a specific store — a token from one store can’t access a different store’s data, even if you have multiple BetterReviews installs
  • Tokens don’t expire by default, but we recommend rotating them periodically (every 6-12 months)

Where NOT to put your token

  • Client-side code — never embed an API key in JavaScript that runs in a browser. Keys there are public; anyone can read them.
  • Public git repos — use environment variables or a secrets manager
  • Unencrypted config files — especially if those files get shared or backed up somewhere

If you suspect a token has leaked, revoke it immediately and create a new one.
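Because every token starts with ppo_, you can check a project for committed or misplaced tokens before it is pushed or shared. The script below is an added example, not BetterReviews code: it walks a directory, reports each file and line containing a token-shaped string, and redacts the value so the report itself doesn't leak it. Only the ppo_ prefix is documented; the assumed token body (20 or more letters and digits) and the skipped directory names are assumptions to adjust.

```python
"""Scan a directory tree for strings that look like BetterReviews API tokens."""
import os
import re
import sys

# Assumption: only the "ppo_" prefix is documented. The body pattern
# (20+ letters/digits) is a guess; adjust it to match your real tokens.
TOKEN_RE = re.compile(r"ppo_[A-Za-z0-9]{20,}")
SKIP_DIRS = {".git", "node_modules", ".venv"}  # assumed noise directories


def redact(token):
    """Keep enough of the token to identify it without re-leaking it."""
    return token[:8] + "..." + token[-2:]


def scan_tree(root):
    """Return (relative_path, line_number, redacted_token) for each hit."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune skipped directories in place so os.walk never descends into them.
        dirnames[:] = sorted(d for d in dirnames if d not in SKIP_DIRS)
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    for lineno, line in enumerate(fh, start=1):
                        for match in TOKEN_RE.finditer(line):
                            rel = os.path.relpath(path, root)
                            findings.append((rel, lineno, redact(match.group())))
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
    return findings


if __name__ == "__main__":
    hits = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel, lineno, token in hits:
        print(f"{rel}:{lineno}: possible API token {token}")
    sys.exit(1 if hits else 0)  # non-zero exit fails a commit hook or CI job
```

Run it from a pre-commit hook or CI step against the repository root. Any token it reports should be treated as leaked, not just deleted from the file.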

Revoking a token

The Developer settings page lists every active token with:

  • Its name
  • Its scopes
  • When it was last used (or “Never used”)

Click Revoke on any token and confirm. The token stops working immediately — any system using it will start getting 401 errors from the API.

There’s no “pause” — revoking is permanent. If you revoke a token you still need, create a new one.

Common integration patterns

Claude Code skill

The BetterReviews Claude Code skill uses an API key to let AI agents manage reviews, send links, and analyze content from your command line or CI. Install it once, paste your token when prompted, and the AI can work on your reviews with the scopes you granted.

Zapier / Make / n8n

Create a token with Read & Write scopes, then use it in any HTTP Request step in these platforms. Our API returns standard JSON so mapping to their data types is straightforward.

Your own dashboards

If you’re building an internal tool that shows review stats, pulls recent reviews, or triggers review requests, a Read & Write token and a thin HTTP client are usually all you need. The API reference documents every endpoint.