Skip to content
HitKeep
Start In Cloud

API Clients

You want to pull analytics data into a custom dashboard, a CI pipeline, or an internal tool without using your main session cookie. API Clients let you create named, scoped tokens that authenticate against the HitKeep REST API using a standard Authorization: Bearer header.

HitKeep supports two ownership modes:

  • Personal API clients live under Settings → API Clients and belong to one user.
  • Team API clients live under Administration → Team → Settings and belong to the team itself, so they survive when an individual user leaves the team.
HitKeep API clients — bearer token management
Settings → API Clients — create and revoke personal bearer tokens for programmatic access.
HitKeep team API clients — shared token management in team settings
Administration → Team → Settings — team-owned bearer tokens for shared integrations and automation.

Choose the Right Ownership Model

Section titled “Choose the Right Ownership Model”

Use a personal API client when the token is just for you or tied to your own user account.

Use a team API client when the token powers a shared integration such as:

  • a CI export job
  • a shared Grafana dashboard
  • a reporting sync owned by the marketing or product team

Team API clients are the safer default for automation because they are not deleted when the original creator leaves the team.

Create a Personal Token

Section titled “Create a Personal Token”
  1. Open Settings → API Clients in the HitKeep dashboard.
  2. Click New API Client.
  3. Give the client a descriptive name (e.g., grafana-reader, ci-exporter).
  4. Copy the generated token immediately — it is shown once.

API reference:

Create a Team Token

Section titled “Create a Team Token”
  1. Open Administration → Team → Settings.
  2. Scroll to Team API Clients.
  3. Create a token and scope it to one or more sites in the current team.
  4. Copy the generated token immediately — it is shown once.

API reference:

Using a Token

Section titled “Using a Token”

Pass the token as a Bearer token in the Authorization header on any API request:

For example, any authenticated site stats request in the API reference can be called with a bearer token:

This works for all authenticated API endpoints and is suitable for server-to-server use. Do not expose tokens in client-side JavaScript.

HitKeep built-in API reference with interactive endpoint documentation
The built-in API reference is available on your own instance, so teams can inspect operations and test authenticated flows without leaving their deployment.

Managing Tokens

Section titled “Managing Tokens”

Use the generated reference for the full lifecycle:

Only team owners and admins can manage team API clients.

Security Best Practices

Section titled “Security Best Practices”
  • Use one token per integration so you can revoke granularly.
  • Rotate tokens periodically by deleting the old client and creating a new one.
  • Store tokens in environment variables or a secrets manager, never in source code.
  • HitKeep does not store tokens in plain text — only a hashed form is retained after creation.
  • Prefer team API clients for long-lived automation owned by a team instead of a single person.
  • Scope team API clients only to the sites they actually need.
Section titled “Related”
Designed & developed in Germany. Sovereign by default.