Skip to content

API Keys

Manage API keys for programmatic access to Hive.

Overview

API keys provide authentication for:

  • APHIDS CLI
  • Custom integrations
  • Automation scripts
  • Third-party tools
  • CI/CD pipelines

Creating API Keys

Generate New Key

Steps: 1. Navigate to Configuration → API Keys 2. Click Generate

📸 Screenshot: API key creation

Important: API key is shown only once. Store it securely!

Key Configuration

Permissions: - Read-Only: View data only - Read/Write: View and modify data

Scope: - All Engagements: Access all data (higher risk) - Specific Engagements: Limited access (recommended)

Expiration: Set based on usage needs (30-90 days recommended)

Managing API Keys

Viewing Keys

Navigate to Configuration → API Keys to view your keys. The full key value is only shown once at creation.

Editing Keys

You can edit key permissions, scope, and expiration, but not the key value itself.

Revoking Keys

Revoke keys that are compromised, no longer needed, or during rotation. Revocation is immediate and cannot be undone.

Rotating Keys

Rotate keys regularly: create new key, update applications, test, then revoke old key.

Using API Keys

With APHIDS CLI

export HIVE_API_KEY="your-api-key"
aphids-cli --api-key $HIVE_API_KEY --runbook RUNBOOK_ID --target-url https://example.com

With API Requests

curl -H "X-Api-Key: $HIVE_API_KEY" https://api.yourdomain.com/endpoint

In CI/CD Pipelines

Store API keys in your CI/CD secrets manager and reference them in your pipeline configuration.

Security Best Practices

✅ Store in environment variables or secret managers
✅ Never commit to version control
✅ Rotate regularly (30-90 days)
✅ Use HTTPS only
✅ Revoke immediately if compromised

Monitoring

View API key usage statistics in the Usage tab. Configure alerts for unusual activity or errors.

Rate Limiting

API keys have rate limits. If exceeded, implement exponential backoff. Contact support for higher limits if needed.

Troubleshooting

Key not working: Verify it's active, not expired, and has correct permissions
Rate limited: Implement exponential backoff
Key compromised: Revoke immediately, create new key, update applications

Related: API Authentication | APHIDS Integration | Users