Skip to Content
Testhive CoreService API Keys

Service API Keys

Service API keys let external applications act on behalf of your organization. Each key has its own credit limit and can be revoked at any time.

Manage keys under Settings → Service API at https://testhiveapp.com/organization/settings#service_api.

Testhive Core API

External integrations call the versioned Testhive Core API on your Testhive platform:

https://testhiveapp.com/api/core/v1

Authenticate every request with your service key:

Authorization: Bearer <sk-...>

Examples

curl -s \
-H "Authorization: Bearer sk-YOUR_KEY_HERE" \
https://testhiveapp.com/api/core/v1/ping

A successful response includes your organization and key identifiers:

{ "success": true, "data": { "message": "pong", "organizationId": "...", "keyId": "..." } }

Note: Key management (create, list, revoke) remains on the internal dashboard API at https://testhiveapp.com/api/rest, which uses your browser session—not service keys.

When to use service keys

Use service keys when you need:

  • A dedicated credential for an integration or script
  • Per-integration credit limits separate from your main balance
  • The ability to revoke access without changing your user password

Note: Keys are created and managed in the dashboard today. Treat keys as secrets and rotate them if exposed.

Generate a key

Open Service API settings

Go to https://testhiveapp.com/organization/settings#service_api.

Set a credit limit

Set an initial credit limit (maximum credits the key may consume).

Generate and copy

Click Generate key, then copy the secret immediately — the full key is shown only once.

Keys use the format sk- followed by a random secret. After creation, only a masked version (last eight characters) is displayed in the list.

Manage existing keys

The Your keys table shows each key’s masked secret, creation date, and credit limit.

ActionEffect
Edit limitRaise or lower the maximum credits the key can use
DeleteRevoke the key immediately; integrations using it lose access

Deletion is permanent. Generate a new key if you need to restore access.

Security best practices

Never commit keys to source control or share them in chat. Use the lowest credit limit that satisfies the integration. Delete unused keys promptly. Rotate immediately if a key may have leaked—delete the old key and create a new one.

Next steps