Service API Keys
Service API keys let external applications act on behalf of your organization. Each key has its own credit limit and can be revoked at any time.
Manage keys under Settings → Service API at https://testhiveapp.com/organization/settings#service_api.
Testhive Core API
External integrations call the versioned Testhive Core API on your Testhive platform:
https://testhiveapp.com/api/core/v1
Authenticate every request with your service key:
Authorization: Bearer <sk-...>Examples
Ping
curl -s \
-H "Authorization: Bearer sk-YOUR_KEY_HERE" \
https://testhiveapp.com/api/core/v1/pingA successful response includes your organization and key identifiers:
{
"success": true,
"data": {
"message": "pong",
"organizationId": "...",
"keyId": "..."
}
}Note: Key management (create, list, revoke) remains on the internal dashboard API at
https://testhiveapp.com/api/rest, which uses your browser session—not service keys.
When to use service keys
Use service keys when you need:
- A dedicated credential for an integration or script
- Per-integration credit limits separate from your main balance
- The ability to revoke access without changing your user password
Note: Keys are created and managed in the dashboard today. Treat keys as secrets and rotate them if exposed.
Generate a key
Open Service API settings
Go to https://testhiveapp.com/organization/settings#service_api.
Set a credit limit
Set an initial credit limit (maximum credits the key may consume).
Generate and copy
Click Generate key, then copy the secret immediately — the full key is shown only once.
Keys use the format sk- followed by a random secret. After creation, only a masked version (last eight characters) is displayed in the list.
Manage existing keys
The Your keys table shows each key’s masked secret, creation date, and credit limit.
| Action | Effect |
|---|---|
| Edit limit | Raise or lower the maximum credits the key can use |
| Delete | Revoke the key immediately; integrations using it lose access |
Deletion is permanent. Generate a new key if you need to restore access.
Security best practices
Never commit keys to source control or share them in chat. Use the lowest credit limit that satisfies the integration. Delete unused keys promptly. Rotate immediately if a key may have leaked—delete the old key and create a new one.
Next steps
- LMS Integration — schedule tests, webhooks, and grade export
- API Playground — interactive Core API reference
- Credits & Billing — organization-wide credit balance
- Contact — integration support