API Key Management
Get and manage your API key for secure access
Get and manage your API key for secure access
Getting Started
Sign In Required
To get your API key and start using our API, you need to sign in to your account.
What You'll Get
- Personal API Key - Generated specifically for your account
- Account-Level Access - Same data as your web account
- Rate Limits - 1,000/hour (Hi Energy), 10,000/hour (other publishers)
- Secure Isolation - Your key only accesses your data
- Real-Time Sync - API reflects your current account status
- Full Documentation - Complete guides and examples
What This Means: Your API key will provide programmatic access to the same affiliate data, deals, and transactions you can see when logged into your account. Perfect for building custom tools and integrations!
Quick Start
- Sign in to your account
- Copy your API key
- Add it to your requests
- Start making API calls!
Security First
- Never expose your API key
- Use environment variables
- Regenerate if compromised
- Monitor your usage
Authentication Methods
We support API keys plus OAuth bearer tokens for maximum compatibility:
Agent decision guide: Use
X-Api-Key for AI agents, MCP clients, and server-to-server jobs. Use Authorization: Bearer <jwt> only when your app already has an Auth0 user token. Keep api_key query params only for older integrations.
| Action | Method | Endpoint | Description |
|---|---|---|---|
| Get your API key | — |
Sign in → API Documentation → API Key (this page) |
Copy your key from the card above when signed in. |
| Authenticate (header) | GET |
X-Api-Key: YOUR_API_KEY |
Send key in request header (recommended). |
| Authenticate (OAuth) | GET |
Authorization: Bearer YOUR_AUTH0_TOKEN |
Send an Auth0 bearer token in the Authorization header. |
| Authenticate (query param) | GET |
/api/v1/deals?api_key=YOUR_API_KEY |
Append api_key to any v1 request URL. |
| Test an endpoint | GET |
Use Test / Open on any API doc playground |
Deals, Advertisers, Contacts, etc. pages have try-it cards. |
X-Api-Key Header (Recommended)
Use the X-Api-Key header for modern, secure authentication:
curl -H "X-Api-Key: YOUR_API_KEY•••••••I_KEY" \
https://app.hienergy.ai/api/v1/advertisersAdvantages:
- More secure (not in URL logs)
- Cleaner URLs
- Better for AI agents
- Modern API standard
API Key Parameter (Legacy)
Use the api_key parameter for legacy compatibility:
curl "https://app.hienergy.ai/api/advertisers?api_key=YOUR_API_KEY•••••••I_KEY"When to Use:
- Legacy system integration
- Simple testing
- Browser-based requests
- Backward compatibility
OAuth Bearer Token
Use an Auth0-issued bearer token for OAuth-based API access:
curl -H "Authorization: Bearer YOUR_AUTH0_TOKEN" \
https://app.hienergy.ai/api/v1/advertisersWhen to use it:
- OAuth-based app integrations
- Auth0-backed user sign-in flows
- Clients that already manage bearer tokens
- Per-user API access without sharing static API keys
Recommendation: Use the
X-Api-Key header method for new integrations. It's more secure, cleaner, and follows modern API standards.
API Playground
Validate your API key by running sample calls against v1 and legacy endpoints. Sign in to enable live testing with your API key.
| Action | Method | Endpoint | Description |
|---|---|---|---|
| Test v1 advertisers | GET |
/api/v1/advertisers?limit=5 |
Confirms your key works with modern v1 endpoints. |
| Test v1 deals | GET |
/api/v1/deals?limit=5 |
Checks v1 endpoint auth and response shape. |
| Test legacy advertisers | GET |
/api/advertisers?page=1&per_page=5 |
Confirms backward-compatible API access. |
Code Examples
Python Example
import requests
# Using X-Api-Key header (recommended)
headers = {"X-Api-Key": "•••••••I_KEY"}
response = requests.get("https://app.hienergy.ai/api/v1/advertisers", headers=headers)
# Using api_key parameter (legacy)
params = {"api_key": "•••••••I_KEY"}
response = requests.get("https://app.hienergy.ai/api/advertisers", params=params)
print(response.json())JavaScript Example
// Using X-Api-Key header (recommended)
const response = await fetch('https://app.hienergy.ai/api/v1/advertisers', {
headers: {
'X-Api-Key': '•••••••I_KEY'
}
});
// Using api_key parameter (legacy)
const response = await fetch('https://app.hienergy.ai/api/advertisers?api_key=•••••••I_KEY');
const data = await response.json();
console.log(data);cURL Example
# Using X-Api-Key header (recommended)
curl -H "X-Api-Key: •••••••I_KEY" \
"https://app.hienergy.ai/api/v1/advertisers"
# Using api_key parameter (legacy)
curl "https://app.hienergy.ai/api/advertisers?api_key=•••••••I_KEY"Security Best Practices
Never Do This
- Don't commit API keys to version control
- Don't expose keys in client-side code
- Don't share keys in public forums
- Don't use keys in URLs for logging
Always Do This
- Store keys in environment variables
- Use HTTPS for all requests
- Monitor your API usage regularly
- Regenerate keys if compromised
Troubleshooting
This error means your API key is invalid or missing:
- Check that your API key is correct
- Ensure you're using the right authentication method
- Verify the key hasn't been regenerated
You've exceeded your rate limit:
- Wait before making more requests (use the
Retry-Afterheader) - Implement exponential backoff
Rate Limits
Hi Energy
1,000
requests per hour
Other publishers
10,000
requests per hour
Rate Limit Headers: All API responses include rate limit information in the headers:
X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset