search
Get your API keysLogin

Authenticate & Test

hashtag
Authentication Overview

To use the Hiboo REST API you must first have an existing account on Hiboo. Once you have an account, you can request for API access to our Hiboo team if you don't have access. After getting the API permission you are free to use the Hiboo REST API for your needs.

Our authentication system uses x-access-token for validating requests. You can get the token after successful login.

hashtag
API Credentials

You can create multiple API credentials on the applicationarrow-up-right. Here's a breakdown of what makes a credential:

  • API Name: Must be unique. You define it and your organization name is added as a suffix {you choice}_{organization name}

  • API Key: Auto generated when you create a credential, you can rotate it on the application

  • Workspace: Pick the workspace your credential will have access to.

  • Role: Admin (can update data) or Viewer (read-only)

Never share your secret keys. Keep them guarded and secure.

hashtag
Login to Get Your Token

Use the login endpoint below to authenticate and receive your access token:

hashtag
Authenticate on the API

post
/login

Authenticate on the API with your credentials to get a token that you can use in your requests.

Body
namestringOptionalExample: api_company
apiKeystringOptionalExample: 2ddd4027-c779-4b7c-80fe-8661c92c35ff
Responses
chevron-right
200

Token to use in the other API calls

application/json
post
/login

hashtag
Complete Authentication Flow

Here's a complete example of logging in and making your first API call:

1

hashtag
Login Request

2

hashtag
Login Response

3

hashtag
Use Your Token in API Calls

For all subsequent API requests, include your token in the x-access-token header:

Expected Response:

4

Success! If you see a response like this, your authentication is working correctly and you're ready to explore the API.

hashtag
Troubleshooting Authentication

hashtag
Common Issues

401 Unauthorized Error

  • Check that your API key is correct

  • Verify that API access has been granted to your account

  • Ensure you're using the correct environment (sandbox vs production)

Token Expired

  • Tokens have a limited lifetime for security

  • Login again to get a new token

  • Consider implementing automatic token refresh in your applications

Invalid Token Format

  • Ensure you're using the x-access-token header (not Authorization)

  • Check that there are no extra spaces or characters in your token

hashtag
Token Management

hashtag
Token Expiration

  • Tokens have a limited lifetime for security

  • You'll receive a 401 Unauthorized response when your token expires

  • Simply login again to get a new token

hashtag
Token Security Best Practices

  • Store tokens securely - Never hardcode them in your source code

  • Use environment variables for token storage

  • Implement token refresh in your applications

  • Monitor for 401 errors and handle re-authentication

PreviousEnvironments & Base URLsNextUsing Hiboo API with Postman

Last updated

Was this helpful?