Authentication
Every request needs an API key
Authorization: Bearer YOUR_API_KEYIn production, keep the key on the server side and let your backend call HiAPI.
Getting Your API Key
Section titled “Getting Your API Key”- Sign up at hiapi.ai
- Go to Dashboard → API Keys
- Click Create New Key
- Copy the key and store it securely — it won’t be shown again
Using Your API Key
Section titled “Using Your API Key”Include the key in the Authorization header with the Bearer prefix:
curl -X POST https://api.hiapi.ai/v1/tasks \ -H "Authorization: Bearer sk-your-api-key" \ -H "Content-Type: application/json" \ -d '{"model": "gpt-image-2", "input": {"prompt": "minimal product icon, warm orange accent"}}'import osimport requests
response = requests.post( "https://api.hiapi.ai/v1/tasks", headers={ "Authorization": f"Bearer {os.environ['HIAPI_API_KEY']}", "Content-Type": "application/json", }, json={ "model": "gpt-image-2", "input": {"prompt": "minimal product icon, warm orange accent"} },)
print(response.json())const response = await fetch("https://api.hiapi.ai/v1/tasks", { method: "POST", headers: { "Authorization": `Bearer ${process.env.HIAPI_API_KEY}`, "Content-Type": "application/json" }, body: JSON.stringify({ model: "gpt-image-2", input: { prompt: "minimal product icon, warm orange accent" } })});
console.log(await response.json());Security Best Practices
Section titled “Security Best Practices”- Never expose your API key in browser code, mobile bundles, or public repositories
- Use environment variables to store your key:
HIAPI_API_KEY - Rotate keys regularly from the Dashboard and re-verify the request path after rotation
- Use separate keys for development and production
- Proxy requests through your backend if end users can submit prompts or files
Error Responses
Section titled “Error Responses”| Status Code | Meaning |
|---|---|
401 | Invalid or missing API key |
403 | API key doesn’t have permission |
429 | Rate limit exceeded |