-kbWNY9gGfMInppgsHHXhObKwwZgi65.svg){kind=small}
Authentication
Learn how to authenticate your API requests using API keys and access tokens.
Overview
Pihu.ai uses API keys to authenticate requests. You can view and manage your API keys in the Dashboard.
Your API keys carry many privileges, so be sure to keep them secure. Don't share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.
Authentication to the API is performed via HTTP Bearer Auth. Provide your API key as the bearer token value.
Prerequisites
- You have created a Pihu.ai account
- You have generated an API key from the Dashboard
- You have the necessary permissions for the API endpoints you want to access
Endpoints
POST
/v1/auth/api-keysGenerate API Key
Create a new API key for your account.
curl -X POST "https://api.pihu.ai/v1/auth/api-keys" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "My API Key",
"expiration": "30d",
"permissions": ["interview:write", "candidate:read"]
}'Request
Headers
{
"Content-Type": "application/json"
}Body
{
"name": "My API Key",
"expiration": "30d",
"permissions": [
"interview:write",
"candidate:read"
]
}Response
200 OK
{
"id": "key_abc123",
"name": "My API Key",
"key": "ph_live_abc123...",
"created": "2024-02-20T12:00:00Z",
"expires": "2024-03-21T12:00:00Z"
}GET
/v1/auth/api-keysList API Keys
Retrieve a list of your API keys.
curl "https://api.pihu.ai/v1/auth/api-keys" \
-H "Authorization: Bearer YOUR_API_KEY"Request
Headers
{
"Authorization": "Bearer YOUR_API_KEY"
}Response
200 OK
{
"data": [
{
"id": "key_abc123",
"name": "My API Key",
"created": "2024-02-20T12:00:00Z",
"expires": "2024-03-21T12:00:00Z",
"last_used": "2024-02-20T12:05:00Z"
}
],
"has_more": false
}Parameters
Name
Type
Description
Required
name
string
A friendly name for your API key
Yes
expiration
string
Time until the key expires (e.g., '30d', '12h')
No
permissions
array
List of permissions to grant to the key
Yes
Security Notice
Never share your API keys or commit them to version control. Use environment variables to store sensitive credentials.
Rate Limiting
API requests are subject to rate limiting. See the Rate Limiting section for more details.
Best Practice
Rotate your API keys regularly and use different keys for development and production environments.