Skip to main content

API keys

All requests to the Hostreach public API must include an API key. Keys are scoped, revocable, and prefixed to indicate the environment.

Generate a key

  1. Log in at app.hostreach.io.
  2. Go to Settings › Workspace › Acceso API.
  3. Click New API key, choose a name, environment, and scopes.
  4. Copy the key — it is only shown once.

Key format

Use hr_live_ keys for production integrations and hr_test_ keys for development and testing.

Sending the key

You can pass the key in either of two ways:

Option 2 — Bearer token

Scopes

API keys can be restricted to specific scopes. An empty scopes array means full access (wildcard). A 403 Forbidden response means the key is valid but lacks the required scope for that endpoint. Create a new key with the necessary scope.

Error responses

All errors return a JSON body:

Key rotation and revocation

  • To rotate a key: create a new key, update your integration, then revoke the old one.
  • To revoke: go to Settings › Workspace › Acceso API and click Revoke next to the key.
  • Revoked keys return 401 immediately.