API Keys
API keys provide programmatic access to the Hooklistener API. They authenticate requests and determine which organization's data you can access.
Key format
All API keys start with the hklst_ prefix:
hklst_a1b2c3d4e5f6g7h8i9j0...
Creating API keys
Dashboard
- Go to Organization Settings > API Keys
- Click Create API Key
- Enter a descriptive name (e.g., "CI/CD Pipeline", "Development")
- Click Create
- Copy the key immediately — it's only shown once
API
curl -X POST https://app.hooklistener.com/api/v1/organizations/<org-id>/api-keys \
-H "Authorization: Bearer hklst_existing_key" \
-H "Content-Type: application/json" \
-d '{"name": "CI/CD Pipeline"}'
Using API keys
Include the key in the Authorization header:
curl https://app.hooklistener.com/api/v1/endpoints \
-H "Authorization: Bearer hklst_your_api_key"
API keys also work with the MCP server:
claude mcp add --transport http hooklistener https://app.hooklistener.com/api/mcp \
--header "Authorization: Bearer hklst_your_api_key"
Key properties
| Property | Description |
|---|---|
| ID | Unique identifier for the key |
| Name | Human-readable label |
| Created at | When the key was created |
| Last used at | When the key was last used for authentication |
| Revoked at | When the key was revoked (null if active) |
Revoking API keys
Revoked keys immediately stop working.
Dashboard
Go to Organization Settings > API Keys and click Revoke on the key.
API
curl -X DELETE https://app.hooklistener.com/api/v1/organizations/<org-id>/api-keys/<key-id> \
-H "Authorization: Bearer hklst_your_api_key"
Best practices
- Use descriptive names — "GitHub Actions CI" is better than "key1"
- One key per use case — create separate keys for CI, development, and production
- Rotate periodically — create a new key, update your configuration, then revoke the old one
- Never commit keys — use environment variables or secret managers
- Revoke unused keys — remove keys that are no longer needed