API Authentication
API keys authenticate requests to the hidettp REST API. Keys are managed from the API Console page within the hidettp interface.
Creating an API Key
- Navigate to the API Console page.
- Click Create API Key.
- Enter a name for the key (e.g., "CI Pipeline", "Data Warehouse Sync").
- Select a permission level (see below).
- Click Create.
- Copy the API key immediately. The plaintext key is shown only once and cannot be retrieved later.
Permission Levels
| Level | Capabilities |
|---|---|
| Read | List and view bots, executions, scripts, and manifests. |
| Write | All Read permissions, plus: create bots, trigger executions, update manifests. |
| Admin | All Write permissions, plus: delete bots, manage schedules. |
Choose the minimum permission level required for your use case.
Using the API Key
Include the key in the Authorization header of every request:
Authorization: Bearer <your-api-key>
Example (curl):
curl -H "Authorization: Bearer htp_k8x2m9..." \
https://<your-deployment>.convex.site/api/v1/bots
Key Security
- API keys are hashed with SHA-256 before being stored. hidettp does not store the plaintext key.
- The plaintext key is displayed only once at creation time. If lost, revoke the key and create a new one.
- Treat API keys like passwords. Do not commit them to version control or share them in plaintext.
Revoking Keys
- Navigate to the API Console page.
- Find the key you want to revoke.
- Click Revoke.
- Confirm the action.
Revocation takes effect immediately. Any request using the revoked key will receive a 401 Unauthorized response.
Organization Scope
API keys are scoped to the organization in which they are created. A key can only access bots, executions, and data belonging to that organization. It cannot access resources in other organizations, even if the key's creator is a member of multiple organizations.