Authorization header of each request, and Hany verifies your identity, checks your account permissions, and routes the request accordingly. No OAuth flows, no session cookies — just a single header on every call.
Getting Your API Key
Open the Dashboard
Log in to your Hany account at hany.tools and go to the main dashboard.
Navigate to API Keys
Click on Settings in the left sidebar, then select API Keys from the settings menu.
Generate a New Key
Click Generate New Key. Give the key a descriptive label — for example,
production-api or mobile-app-backend — so you can identify its purpose at a glance.Copy and Store the Key
Copy the key immediately. Hany displays the full key only once at creation time. If you lose the key before storing it, you’ll need to revoke it and generate a new one.Store the key in a secrets manager, a
.env file that is excluded from version control, or your hosting provider’s environment variable system.Making Authenticated Requests
Pass your API key as a Bearer token in theAuthorization header of every request. The example below calls GET /sms/sender-ids to list your registered Sender IDs — you can substitute any other endpoint in the same way.
API Key Security
Protecting your API key is your responsibility. A compromised key gives anyone full access to your Hany account, including the ability to send messages that consume your credits. Follow these practices to keep your keys safe.Use Environment Variables
Never hard-code your API key in source code. Instead, load it from an environment variable at runtime.Terminal
JavaScript
Python
Never Commit Keys to Version Control
Add.env files and any files containing secrets to your .gitignore before your first commit. Once a secret is pushed to a repository — even a private one — treat it as compromised and rotate it immediately.
.gitignore
Use Separate Keys per Environment
Generate distinct API keys for development, staging, and production environments. This limits the blast radius if a key is exposed: a leaked development key cannot be used to affect your production account.Rotate Compromised Keys Immediately
If you suspect a key has been exposed, go to Settings → API Keys in the Hany dashboard, click Revoke next to the affected key, and generate a replacement. Update your environment variables and redeploy your application before the old key is fully deactivated.Authentication Errors
If Hany cannot authenticate your request, the API returns a4xx HTTP error code with a JSON body explaining the problem.
| Status Code | Error | Meaning | How to Fix |
|---|---|---|---|
401 Unauthorized | invalid_api_key | The API key is missing, malformed, or does not match any active key in Hany’s system. | Check that you are passing the key correctly in the Authorization: Bearer <key> header. Verify the key in your dashboard under Settings → API Keys. |
401 Unauthorized | api_key_revoked | The API key has been revoked and is no longer valid. | Generate a new key in the dashboard and update your application’s environment variables. |
403 Forbidden | insufficient_permissions | The API key is valid but does not have permission to perform the requested action. | Check the key’s permission scope in the dashboard. Some actions require keys with elevated permissions. |
403 Forbidden | account_suspended | Your Hany account has been suspended. | Contact Hany support to resolve the suspension before making further API calls. |
401 Unauthorized
If you are consistently receiving
401 errors after generating a fresh key, make sure there are no leading or trailing whitespace characters in the key value — this is a common copy-paste issue. Use your programming language’s string trim function to strip whitespace before passing the key to the Authorization header.