API Reference
Authentication
The OWB REST API uses API key authentication. Every request must include a valid key in the Authorization header.
Create an API key
- Sign in to Ontology Workbench
- Go to Settings → API Keys
- Click Create, give the key a name (e.g. "CI pipeline")
- Copy the key — it's shown once and cannot be retrieved again
Keys have the format owb_ followed by 64 hex characters.
Making requests
Include the key as a Bearer token:
curl $OWB_BASE_URL/api/v1/models \
-H "Authorization: Bearer $OWB_API_KEY"Key scoping
API keys are account-scoped. A key has the same access as the user who created it:
- All personal models owned by that user
- All organization models where the user is a member (any role)
There are no read-only keys or restricted-scope keys. Treat your API keys as secrets.
Revoking keys
Go to Settings → API Keys and click the trash icon next to a key. Revocation is immediate — any in-flight requests using the key will fail.
Security best practices
- Never commit API keys to version control
- Use environment variables:
OWB_API_KEY=owb_... - Rotate keys periodically
- Create one key per integration so you can revoke individually
Error responses
| Status | Meaning |
|---|---|
401 Unauthorized | Missing or invalid key |
429 Too Many Requests | Rate limit exceeded |
See Errors for the full error response format.