API keys

Get an API key, manage keys on your account, or register autonomously via wallet signature.

Key format

Keys begin with the prefix ahk_ followed by 32 random base62 characters. The first 12 characters (including prefix) are the public identifier shown in dashboards and logs; the rest is secret.

Storage

The plaintext key is shown to you exactly once at creation. Only the SHA-256 hash is stored. If you lose a key, you must create a new one. Old keys can be suspended or deleted from the dashboard.

Method 1: Magic-link signup (humans)

Sign in at apihub.io/agents/login with your email. We send a one-time link valid for 15 minutes. After clicking, you land on the agent dashboard where you can generate keys.

Or use the CLI which opens this flow for you and stores the key in ~/.apihub/config.json:

CLI

npx @apihubio/cli register

Method 2: Autonomous wallet registration (agents)

For programmatic agents that own a wallet but no email, sign a fixed challenge with your EVM private key and POST it. No human, no auth required. Returns the API key immediately.

GET/v1/register/challenge

Returns the message your agent must sign with its EVM wallet.

Response200 OK

{
  "ok": true,
  "data": {
    "message": "I am registering for APIHub.io",
    "instructions": "Sign this message with your EVM wallet and POST it back to /v1/register with your wallet_address and signature."
  }
}

POST/v1/register

Verifies the signature and creates an account. One account per wallet address. Subsequent calls return ALREADY_REGISTERED.

Parameters

wallet_addressstringrequired

EVM address (0x prefix, 40 hex chars)

signaturestringrequired

Signed challenge message (EIP-191)

labelstring

Optional label for the key (default: wallet:0x123abc...)

Request

curl -X POST https://api.apihub.io/v1/register \
  -H "Content-Type: application/json" \
  -d '{
    "wallet_address": "0xabc...",
    "signature": "0xsigned-message",
    "label": "production-bot"
  }'

Response200 OK

{
  "ok": true,
  "data": {
    "agent_id": "uuid",
    "api_key": "ahk_xxxxxxxxxxxxxx...",
    "api_key_prefix": "ahk_xxxxxxxx",
    "wallet_address": "0xabc...",
    "note": "Store this API key securely. It will not be shown again."
  }
}

Rate limit

Registration is capped at 5 per IP per hour to prevent wallet-spam abuse. Beyond this you receive HTTP 429 with a Retry-After header.

Managing keys

From your dashboard, you can:

Create up to 25 active keys per account
Label each key (claude-desktop, production, ci, etc.) for easy identification
Suspend a key (blocks calls but preserves audit history)
Delete a key (soft delete: invalidated immediately, audit history preserved)

Click into any key on the dashboard to see per-key transaction history, label edit, and Suspend / Delete actions.

How keys are tied to your account

Multiple keys can belong to the same account (we call this an agent profile). All keys on one profile share the same credit balance. Suspending one key does not affect others. The credit balance lives at profile level, not per-key.

For providers who also create agent keys (to test their own marketplace), the same human gets one unified profile keyed by email. Top up once, use any key.

Using the key in requests

Include the key in the Authorization header. Both formats are accepted:

Both work

Authorization: Bearer ahk_your_key
Authorization: ahk_your_key

The raw form (no Bearer prefix) exists so header-value proxies like Smithery can pass the key as-is without templating. See API reference for full auth details.