Authorization request header. Without a valid key, all requests return a 401 Unauthorized response. There are no cookies, sessions, or OAuth flows — just a single, portable key per integration.
Getting Your API Key
Log in to your Hany dashboard
Go to https://hany.tools and sign in to your account.
Generate a new key
Click “Generate New Key”, give it a descriptive label (e.g.,
production-backend), and confirm.Using Your API Key
Include your API key as a Bearer token in theAuthorization header of every request:
Security Best Practices
Keeping your API key secure protects your account, your credits, and your recipients. Follow these practices in every integration:- Use environment variables — read your key from
process.envoros.environrather than hard-coding it in your source files. - Never commit API keys to version control — add
.envfiles to your.gitignoreand use secrets management tools in CI/CD pipelines. - Use one key per integration or environment — separate keys for development, staging, and production make it easy to rotate or revoke a single key without affecting other environments.
- Rotate compromised keys immediately — go to Settings → API Keys in the dashboard, revoke the affected key, and generate a replacement.
Authentication Errors
If your request is rejected due to an authentication problem, you will receive one of the following responses:| HTTP Status | Error Code | Meaning |
|---|---|---|
401 Unauthorized | unauthorized | The Authorization header is missing, malformed, or contains an invalid API key. |
403 Forbidden | forbidden | The API key is valid, but it does not have permission to perform the requested action. |