Authentication

All API requests require an API key in the Authorization header. In production, keep that key on the server side and let your backend call HiAPI.

Getting Your API Key

Sign up at hiapi.ai
Go to Dashboard → API Keys
Click Create New Key
Copy the key and store it securely — it won’t be shown again

Using Your API Key

Include the key in the Authorization header with the Bearer prefix:

curl https://api.hiapi.ai/v1/images/generations \
  -H "Authorization: Bearer sk-your-api-key" \
  -H "Content-Type: application/json" \
  -d '{"model": "qwen-image-2.0", "prompt": "minimal product icon, warm orange accent"}'

import os
import requests

response = requests.post(
    "https://api.hiapi.ai/v1/images/generations",
    headers={
        "Authorization": f"Bearer {os.environ['HIAPI_API_KEY']}",
        "Content-Type": "application/json",
    },
    json={
        "model": "qwen-image-2.0",
        "prompt": "minimal product icon, warm orange accent"
    },
)

print(response.json())

const response = await fetch("https://api.hiapi.ai/v1/images/generations", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${process.env.HIAPI_API_KEY}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    model: "qwen-image-2.0",
    prompt: "minimal product icon, warm orange accent"
  })
});

console.log(await response.json());

Security Best Practices

Never expose your API key in browser code, mobile bundles, or public repositories
Use environment variables to store your key: HIAPI_API_KEY
Rotate keys regularly from the Dashboard and re-verify the request path after rotation
Use separate keys for development and production
Proxy requests through your backend if end users can submit prompts or files

Error Responses

Status Code	Meaning
`401`	Invalid or missing API key
`403`	API key doesn’t have permission
`429`	Rate limit exceeded