API Access Keys

What are API Access Keys?

API Access Keys are used for managing security role access to services on hook.io.

You can create new keys to allow third-party services or users to securely access restricted hook.io API endpoints like private hooks, the datastore, or logs.

A common use-case would be creating an API Access Key with the role hook::logs::read to securely read the logs of your Private Services.

Another use-case would be creating an API Access Key with the role of hook::run to allow a third-party client to run a private hook service hosted on hook.io. This private service would only accessible to clients who can provide a the generated access key which has the role hook::run

Using API Access Keys

Using an API Access Key with hook.io is easy!

All you have to do is supply the generated hook_private_key variable as a HTTP request parameter ( GET Query Parameter / POST Form Data / JSON RPC / HTTP Request Header / etc ) and that HTTP client request will be granted the roles associated with that hook_private_key.

Remember: All service level events on hook.io are available as roles, allowing granular access control.

What are Roles?

Roles are unique identifiers representing granular access to the hook.io API. Every API method on hook.io has a unique Role name.

When creating a new access key, you must specify a set of roles associated with that key. These roles determine what the new access key has permission to do.

Role checks are used to determine if an incoming HTTP request has authorization to access the requested resource. This is useful when using Private Services or when accessing the hook.io API from a third-party client.

A full listing of security access roles is available at /roles