The Hyperline API requires either an API key or an access token to identify and authorise calls. API keys are associated with a single Hyperline account, and an access token represents delegated access to a specific account (used for third-party app). You can have more than one token or key at any point in time. Those tokens are able to authenticate to Hyperline and perform actions on your account so it’s important that you keep them safe in the same way that you would a password.

Manage API keys

How to generate an API key

Generating an API key is very simple and allow you to use Hyperline’s API or integration such as Zapier. As a Hyperline’s admin:
  1. Go to your workspace Settings, section API
  2. Click on + New API key
  3. Add a name for this key, and select the appropriate scopes (in most cases you’ll need right/write accesses)
  1. Copy the key and it in a safe space, you won’t be able to see it later in Hyperline
API keys are prefixed either with prod_ or test_ to easily identify and distinguish them between environments.

Using authentication token

API keys or access tokens must be provided with every API call, specified in the Authorization header after a Bearer prefix. All requests happen using HTTPS. For example: 
curl -H "Authorization: Bearer <API key or access token>" https://api.hyperline.co/v1/customers
We also support HTTP Basic Authentication, where the username is the API key and the password is left blank, but we recommend using Bearer Authentication because it’s simpler for debugging.

Keeping your data safe

Your API keys should be treated as highly sensitive information - think of a token like a password. You should only give tokens to services you fully trust. If leaked, tokens could be used maliciously - they can provide someone with access to all of your Hyperline data. If you suspect a token has been compromised, revoke it and replace it with a new one.
Tokens should never be shared with support teams or your customers.

Revoke a key

Workspace admins can permanently revoke tokens from the API Settings in Hyperline. To revoke a token, click on the icon on the line of the key name, then Delete to permanently delete it. A deleted key cannot be recovered.