Authentication
All API requests require authentication using an API key.
Getting an API Key
- Log in to Hello Battle Card
- Navigate to Settings > API Keys
- Click "Create API Key"
- Copy your API key (you'll only see it once!)
Note: API keys are only available for Enterprise plan customers.
Using Your API Key
Include your API key in the X-API-Key header:
curl -H "X-API-Key: hbc_live_your-api-key-here" \
https://app.hellobattlecard.com/api/products
API Key Format
API keys follow this format:
hbc_live_<32 hex characters>
Example: hbc_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
Security Best Practices
- Never commit API keys to version control
- Rotate keys regularly if compromised
- Use different keys for different environments
- Revoke unused keys immediately
- Store keys securely using environment variables or secret managers
Rate Limits
API keys are subject to rate limits:
- Default: 1000 requests per hour
- Rate limit headers are included in responses
- See API Reference Overview for details
Revoking API Keys
You can revoke API keys at any time:
- Go to Settings > API Keys
- Click "Revoke" next to the key you want to revoke
- The key will immediately stop working
Revoked keys cannot be restored. You'll need to create a new key.