Skip to main content

API Keys

An understanding of generating and accessing API Keys in the Hatz Platform

Visit our API Documentation page to learn more:

https://api-docs.hatz.ai/reference

API Keys

Generate and manage API keys to connect Hatz AI with external platforms and automation tools.

Overview

API keys provide programmatic access while maintaining your existing user permissions and security boundaries.

Who this is for

Users can generate API keys only when their role includes the Create API Token permission. If the API Keys page says access is restricted, ask an administrator to add that permission or move the user to a role that includes it.

How API Keys Work

API keys authenticate your identity when making requests to Hatz AI from external systems. Important security principles:

  • Each API key is tied to a specific user account

  • The key inherits permissions from that user account

  • Keys only provide access to resources and actions the user can already perform in the platform

  • Keys do not grant elevated permissions

  • If the user's role changes, future API requests are evaluated against the user's current access

Generating an API Key

  1. Navigate to Workspace > API Keys

  2. Enter API key name in the intended box

  3. Click the Generate API Key button

  4. Click Copy You will not be able to see this key again. Keep it safe!

Workspace API Keys page showing the Create New API Key form and an Active API Keys table.

Expected Results

  • Successfully generated API keys can authenticate requests to Hatz AI services

  • Requests made with the key will execute with the same permissions as if you were logged into the platform directly

  • Apps available through API calls match what appears in your "My Automations" section

Security Best Practices

  • Store API keys securely and never share them publicly

  • Use descriptive names when generating keys to track their purpose

  • Revoke keys that are no longer in use

  • Do not commit API keys to public code repositories

  • Treat API keys like passwords

Removing an API Key

  1. Navigate to Workspace > API Keys

  2. Click the trash icon on the intended key

  3. Click "Yes, delete" - This action cannot be undone.

Active API Keys table showing an existing key name, created date, expiration date, and delete icon.

My API key isn't working

  • Confirm the key was copied correctly without extra spaces

  • Check that your user account has permission to perform the requested action

  • If a usage endpoint returns a permission error, confirm the user can view the same usage data in the product. Usage analytics endpoints such as daily, hourly, source, model, asset, and user summaries require the user's role to include View User Roles for the requested tenant scope. The usage limit endpoint can also use usage-specific permissions such as View Usage & Limits or View Own Tenant Usage when scoped to the user's allowed tenant.

  • Verify the external platform is configured correctly

Limitations

  • API keys provide access only to features and data the user already has permission to access in the platform

  • Keys do not bypass role-based access controls or organizational restrictions

  • Some features require an interactive user session and are not available through API key authentication

  • Some features may not be available through API access (for example, Community Automations and Private Automations are not currently accessible via Zapier integration)

  • Non-admin users may not have the ability to generate API keys depending on organizational settings

  • API keys are scoped to individual user accounts and cannot be shared across users

Did this answer your question?