Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/ComposioHQ/composio/llms.txt

Use this file to discover all available pages before exploring further.

All Composio API requests require a project API key. Pass it in the x-api-key header or as a Bearer token in the Authorization header. Get your API key from the Composio dashboard at composio.dev. Without a valid key every request returns 401 Unauthorized.

Get your API key

  1. Sign in to composio.dev
  2. Navigate to Settings in the left sidebar
  3. Under Project Settings, find the API Keys section
  4. Copy your project API key
Your key is project-scoped: all resources you create (connected accounts, auth configs, trigger instances) belong to the project the key was issued for.
Your API key grants full access to your project. Never expose it in client-side code, commit it to source control, or include it in logs. Rotate the key immediately if it is compromised.

Request headers

Composio accepts the API key in two formats. Both are equivalent — use whichever your HTTP client handles more naturally.

x-api-key header (preferred)

curl https://backend.composio.dev/api/v3.1/tools \
  -H "x-api-key: $COMPOSIO_API_KEY"

Authorization: Bearer header

curl https://backend.composio.dev/api/v3.1/tools \
  -H "Authorization: Bearer $COMPOSIO_API_KEY"

Python (requests)

import os
import requests

response = requests.get(
    "https://backend.composio.dev/api/v3.1/tools",
    headers={"x-api-key": os.environ["COMPOSIO_API_KEY"]},
    params={"toolkit_slug": "github", "limit": 5},
)
data = response.json()

TypeScript (fetch)

const response = await fetch(
  "https://backend.composio.dev/api/v3.1/tools?toolkit_slug=github&limit=5",
  {
    headers: {
      "x-api-key": process.env.COMPOSIO_API_KEY!,
    },
  },
);
const data = await response.json();

Organization API key

For organization-level endpoints (e.g. managing multiple projects), use the x-org-api-key header with your organization API key instead. 
curl https://backend.composio.dev/api/v3.1/org/projects \
  -H "x-org-api-key: $COMPOSIO_ORG_API_KEY"
Retrieve your organization API key from Organization SettingsGeneral SettingsOrganization Access Tokens at composio.dev.

Environment variable

The Composio SDK reads the API key from the COMPOSIO_API_KEY environment variable by default. Set it once and all SDK calls are automatically authenticated: 
export COMPOSIO_API_KEY="your_api_key_here"

from composio import Composio

# No explicit api_key needed — reads from COMPOSIO_API_KEY
composio = Composio()
For production deployments, inject the key via your secrets manager, CI/CD environment secrets, or a .env file excluded from version control.

API key scopes

Project API keys are scoped to a single Composio project. Every resource created — connected accounts, auth configs, trigger instances, files — belongs to that project and is isolated from other projects. You cannot use a project key to access resources in another project. Use the organization API key (x-org-api-key) when you need cross-project access for administrative operations.

Error responses

An invalid or missing API key returns 401 Unauthorized: 
{
  "error": {
    "message": "Invalid API key provided",
    "status": 401,
    "request_id": "req_abc123def456"
  }
}
A valid key without permission to the requested resource returns 403 Forbidden: 
{
  "error": {
    "message": "The API key doesn't have permission to perform this action",
    "status": 403,
    "request_id": "req_abc123def456"
  }
}

Build docs developers (and LLMs) love

Get started for freeTalk to us