Skip to content

API Authentication

Learn how to authenticate with the Hive API for programmatic access.

Overview

The Hive API supports two authentication methods: - API Keys: For CLI and programmatic access - JWT Tokens: For web application access

API Key Authentication

Getting an API Key

Steps: 1. Log into Hive platform 2. Navigate to Configuration → API Keys 3. Click Generate 4. Generates and assigns a new key while revoking the old one.

📸 Screenshot: API key creation

Using API Keys

HTTP Header: 

X-Api-Key: your-api-key-here

cURL Example: 

curl -H "X-Api-Key: $API_KEY" \
  https://api.yourdomain.com/endpoint

Python Example: 

import requests

headers = {'X-Api-Key': 'your-api-key-here'}
response = requests.get('https://api.yourdomain.com/endpoint', headers=headers)

API Key Permissions

Permission Levels: - Read Only: View data only - Read/Write: View and modify data - Admin: Full access

Scope: - All engagements - Specific engagement - Specific campaign

JWT Token Authentication

JWT tokens are automatically managed by the web application. For programmatic access, use API Keys instead.

API Endpoints

API endpoint documentation is available in your Hive instance. Contact your administrator for the base URL and available endpoints specific to your deployment.

Rate Limiting

API requests are rate-limited to ensure service stability. If you exceed limits, implement exponential backoff and contact support if you need higher limits.

Error Handling

API errors return standard HTTP status codes: - 401: Invalid authentication - 403: Insufficient permissions
- 404: Resource not found - 429: Rate limit exceeded

Security Best Practices

API Key Security

✅ Never Commit: Don't commit keys to git
✅ Use Environment Variables: Store securely
✅ Rotate Regularly: Change keys periodically
✅ Limit Scope: Minimum necessary permissions
✅ Monitor Usage: Track API calls
✅ Revoke Unused: Remove old keys

Request Security

✅ Use HTTPS: Always encrypt in transit
✅ Validate Input: Sanitize all data
✅ Handle Errors: Don't expose internals
✅ Log Requests: Audit trail
✅ Implement Timeouts: Prevent hanging

Example Implementation

import requests

headers = {'X-Api-Key': 'your-api-key'}
response = requests.get('https://api.yourdomain.com/endpoint', headers=headers)
data = response.json()

Troubleshooting

Authentication fails: Verify API key is valid and not expired
Rate limited: Implement exponential backoff
Timeout: Check network connectivity and retry

Related: API Reference | APHIDS Integration | Configuration