Authentication
The BlueHive API uses API keys to authenticate requests. You can create and manage your API keys from your BlueHive dashboard.
API Key Format
BlueHive API keys are passed in the Authorization header. Two formats are accepted:
| Format | Header Value |
|---|---|
| ApiKey prefix | Authorization: ApiKey sk_live_... |
| Bearer prefix | Authorization: Bearer sk_live_... |
Authentication with SDKs
Our SDKs handle authentication automatically. Just pass your API key when initializing the client.
```javascript
import BlueHive from '@bluehive/sdk';

// The SDK handles authentication automatically
const client = new BlueHive({
  apiKey: process.env.BLUEHIVE_API_KEY,
});

// All requests are authenticated
const employer = await client.employers.get('emp_123');
```
Authentication Errors
If authentication fails, the API returns a 401 Unauthorized response:
401 Unauthorized
```json
{
  "error": "Unauthorized",
  "message": "Invalid or missing API key",
  "statusCode": 401
}
```

| Status Code | Meaning |
|---|---|
| 401 | API key is missing, invalid, or expired. |
| 403 | API key does not have permission to access the requested resource. |
Security Best Practices
Use environment variables
Never hardcode API keys in source code. Store them in environment variables or a secrets manager.
Keep keys secret
Do not expose API keys in client-side code, public repositories, or browser network requests.
Rotate keys periodically
Generate new API keys regularly and revoke old ones from your dashboard.
Use separate keys per environment
Create different API keys for development, staging, and production environments.
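
One way to enforce the "never hardcode API keys" rule above is a check that runs before commit or in CI. The following is an added example, not BlueHive's own code: `scanText`, `scanAll` and `redact` are hypothetical helpers, the sample files are constructed, and the key grammar after the `sk_live_` prefix is an assumption because the page shows only the prefix.

```javascript
// Added example: scan source text for hardcoded BlueHive-style keys.
// ASSUMPTION: a key is "sk_live_" followed by 8+ characters of [A-Za-z0-9_-];
// the page only shows the "sk_live_" prefix, not the full key grammar.
const KEY_PATTERN = /\bsk_live_[A-Za-z0-9_-]{8,}/g;

// Show only the prefix and last 4 characters so reports never leak the key.
function redact(key) {
  return `sk_live_****${key.slice(-4)}`;
}

// Return one finding per key occurrence: file, 1-based line, redacted value.
function scanText(fileName, text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, index) => {
    for (const match of line.matchAll(KEY_PATTERN)) {
      findings.push({ file: fileName, line: index + 1, key: redact(match[0]) });
    }
  });
  return findings;
}

// Scan a map of { fileName: fileContents } and flatten the findings.
function scanAll(files) {
  return Object.entries(files).flatMap(([name, text]) => scanText(name, text));
}

// Constructed sample inputs (the key values are made up for this example).
const SAMPLES = {
  'bad-client.js': [
    "import BlueHive from '@bluehive/sdk';",
    "const client = new BlueHive({ apiKey: 'sk_live_EXAMPLEEXAMPLE1234' });",
  ].join('\n'),
  'bad-fetch.js': "headers: { Authorization: 'ApiKey sk_live_CONSTRUCTEDKEY9876' }",
  // Reading the key from the environment is not flagged.
  'good-client.js': 'const client = new BlueHive({ apiKey: process.env.BLUEHIVE_API_KEY });',
  // The elided placeholder used in documentation is not flagged either.
  'docs.md': 'Authorization: Bearer sk_live_...',
};

const findings = scanAll(SAMPLES);
for (const f of findings) {
  console.log(`${f.file}:${f.line}: hardcoded API key ${f.key}`);
}
// A pre-commit hook or CI step would exit non-zero when findings exist.
```

Any key this check finds in a committed file should be treated as exposed: revoke it from the dashboard and generate a new one.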