Getting started

The Bodyguard Bamboo API provides an easy way to analyze text messages.

The API closely follows REST semantics but also GRAPHQL specifications. It uses JSON to encode objects and relies on standard HTTP codes to signal operation outcomes.

The API documentation below describes all use cases. We recommend that you use graphical tools like Postman to test our API with your own analysis.


To use the Bamboo API, you will have to contact us at and request an account creation for our Dashboard.


All API requests must be authenticated and made over SSL.


Bamboo uses API keys authorization. An API key is a token that a client provides when making API calls.

To generate or manage your API keys, visit the dashboard page. Your API keys carry great power and, as you know, great power implies great responsibility, so be sure to keep it secret!

Required Headers

You will need to send some headers when making API calls to identify your application and set the content type to JSON. You must authenticate to the API by providing your API key in the header of your HTTP request using:

X-Api-KeyYour API key

Rate limits

A rate limit is the number of API calls an app or user can make within a given time period.


Our API is currenlty limited to 50 requests per second. If you exceed this rate, you will receive a 429 HTTP status code and will have to wait the given time period to make new requests.

You can check the reponse's headers to get more detailed informations:

HeaderValue exampleDescription
Retry-After1.898The remaining window before the rate limit resets, in UTC epoch seconds.
X-RateLimit-Limit50The maximum number of requests you're permitted to make per second.
X-RateLimit-Remaining49The number of requests remaining in the current rate limit window.
X-RateLimit-ResetMon Jan 18 2021 11:41:08 GMT+0100 (Central European Standard Time)The time at which the current rate limit window resets (RFC 1123 format).

If you anticipate a higher requests volume, we recommend that you contact us at