API Authentication

Managing API keys and tokens for secure access.

API Keys

API keys provide long-lived access to the Hacker Bot API.

Creating an API Key

  1. Navigate to Settings → API Keys
  2. Click Generate New Key
  3. Enter a descriptive name (e.g., "Production CI/CD")
  4. Select permissions scope
  5. Set expiration (optional)
  6. Copy the key immediately—it won't be shown again

Using API Keys

Include the API key in the Authorization header as a Bearer token, or in the X-API-Key header as an alternative:

# Using Bearer token
curl -H "Authorization: Bearer hb_live_xxxxxxxxxxxx" \
  https://api.hackerbot.io/v1/scans

# Using X-API-Key header (alternative)
curl -H "X-API-Key: hb_live_xxxxxxxxxxxx" \
  https://api.hackerbot.io/v1/scans

Key Prefixes

Prefix      Environment   Usage
hb_live_    Production    Real scans, billed usage
hb_test_    Test          Development, no billing

Permission Scopes

Limit API key access with granular scopes:

  • scans:read — View scan status and results
  • scans:write — Create and cancel scans
  • findings:read — Access vulnerability data
  • findings:write — Update finding status
  • projects:read — List projects
  • projects:write — Create and modify projects

Security Best Practices

  • ⚠️ Never commit API keys to version control
  • ⚠️ Use environment variables or secrets managers
  • ⚠️ Rotate keys regularly (90 days recommended)
  • ⚠️ Use minimum required scopes
  • ⚠️ Set expiration dates on keys
  • ⚠️ Monitor API key usage in your dashboard
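
The rule against committing keys can be enforced mechanically with the hb_live_ and hb_test_ prefixes from the Key Prefixes table. The script below is an added example, not part of the Hacker Bot documentation or tooling: the names hb_scan_keys and HB_KEY_RE are hypothetical, and the key body format (12 or more alphanumeric characters) is an assumption, since the page does not specify it.

```sh
#!/bin/sh
# Added example: flag strings shaped like Hacker Bot API keys in files.
# ASSUMPTION: after the documented hb_live_/hb_test_ prefix the key body is
# 12+ characters from [A-Za-z0-9]; the page does not specify the real format.
HB_KEY_RE='hb_(live|test)_[A-Za-z0-9]{12,}'

# hb_scan_keys FILE...
# Prints "file:line: <env> key <redacted>" per hit; returns 1 if any key was
# found, else 0. Keys are redacted so the report itself is safe in CI logs.
hb_scan_keys() {
  hb_found=0
  for hb_file in "$@"; do
    [ -f "$hb_file" ] || continue
    # -n: line numbers, -o: print only the matching text, one hit per line.
    hb_hits=$(grep -noE "$HB_KEY_RE" "$hb_file" || true)
    while IFS=: read -r hb_line hb_match; do
      [ -n "$hb_match" ] || continue
      # Skip the all-"x" placeholder used in documentation examples.
      hb_body=${hb_match#hb_????_}
      case "$hb_body" in *[!x]*) ;; *) continue ;; esac
      case "$hb_match" in
        hb_live_*) hb_env=live ;;
        *)         hb_env=test ;;
      esac
      # Keep only the last 4 characters so the key can be identified.
      hb_tail=${hb_match#"${hb_match%????}"}
      printf '%s:%s: %s key hb_%s_****%s\n' \
        "$hb_file" "$hb_line" "$hb_env" "$hb_env" "$hb_tail"
      hb_found=1
    done <<EOF
$hb_hits
EOF
  done
  return "$hb_found"
}

# When run as a script with file arguments, scan them; exit non-zero on a hit.
if [ "$#" -gt 0 ]; then
  hb_scan_keys "$@"
fi
```

Run it from a pre-commit hook or CI step with the list of changed files; a non-zero exit status blocks the commit.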

Revoking Keys

If a key is compromised:

  1. Go to Settings → API Keys
  2. Find the compromised key
  3. Click Revoke
  4. Generate a new key if needed
  5. Update your applications with the new key