Profile & API Keys

Manage your account preferences and API keys. Use the preferences endpoints to configure language, timezone, and email notification settings. Use the API keys endpoints to create, list, regenerate, and revoke the bearer tokens that authenticate your API requests.

Preferences

GET /v1/profile/preferences Requires Auth

Get Preferences

Get Preferences

Retrieve the authenticated user's preferences merged with system defaults, plus the reference lists (supported languages and common timezones) used to populate selection dropdowns. This endpoint returns a flat object — it is not wrapped in the standard success/payload envelope.

No input needed — runs live with your key
curl https://api.proxyhat.com/v1/profile/preferences \
  -H "Authorization: Bearer __API_KEY__" \
  -H "Accept: application/json"
import requests

response = requests.get(
    "https://api.proxyhat.com/v1/profile/preferences",
    headers={
        "Authorization": "Bearer __API_KEY__",
        "Accept": "application/json",
    },
)

data = response.json()
prefs = data["preferences"]
print(f"Language: {prefs[\"language\"]}, Timezone: {prefs[\"timezone\"]}")
const response = await fetch("https://api.proxyhat.com/v1/profile/preferences", {
  headers: {
    "Authorization": "Bearer __API_KEY__",
    "Accept": "application/json",
  },
});

const { preferences } = await response.json();
console.log(`Language: ${preferences.language}, Timezone: ${preferences.timezone}`);
req, _ := http.NewRequest("GET", "https://api.proxyhat.com/v1/profile/preferences", nil)
req.Header.Set("Authorization", "Bearer __API_KEY__")
req.Header.Set("Accept", "application/json")

resp, err := http.DefaultClient.Do(req)
if err != nil {
    log.Fatal(err)
}
defer resp.Body.Close()

var result map[string]interface{}
json.NewDecoder(resp.Body).Decode(&result)
fmt.Println(result["preferences"])
Merged with defaults: preferences always contains the full set of keys — any value you have never set falls back to the system default shown above. supported_languages and common_timezones are reference lists (truncated in the example) that back the language and timezone selectors; each language entry has value, label, and a flag URL, and each timezone entry has value, label, and offset.
PUT /v1/profile/preferences Requires Auth

Update Preferences

Update Preferences

Update the authenticated user's preferences. Every field is optional (validated with "sometimes") — only the keys you send are changed, and the notifications object is merged into your existing notification settings rather than replacing it. Returns a confirmation message plus the full preferences object merged with defaults.

Example request: language timezone
Request Body
Name Type Required Description
language string Optional Interface / notification language. One of: en, ru, zh, es, de, fr, ja, ko, pt, it, pl, tr, ar, hi, bn, id, vi, fa, th, uk, nl, ro, cs, sv, hu, el.
timezone string Optional A valid IANA timezone identifier (e.g. "America/New_York", "Europe/London", "UTC").
timezone_auto_detect boolean Optional Whether the timezone should be auto-detected from the browser.
notifications object Optional Map of email-notification toggles. Merged into existing settings — send only the keys you want to change.
notifications.product_updates boolean Optional Product update announcements.
notifications.marketing_emails boolean Optional Marketing / promotional emails.
notifications.billing_notifications boolean Optional Billing and payment notifications.
notifications.subuser_created boolean Optional Email when a sub-user (proxy user) is created.
notifications.subuser_changed boolean Optional Email when a sub-user is changed.
notifications.subuser_deleted boolean Optional Email when a sub-user is deleted.
notifications.social_connected boolean Optional Email when a social account is connected.
notifications.social_disconnected boolean Optional Email when a social account is disconnected.
notifications.api_key_created boolean Optional Email when an API key is created.
notifications.api_key_deleted boolean Optional Email when an API key is deleted.
curl -X PUT https://api.proxyhat.com/v1/profile/preferences \
  -H "Authorization: Bearer __API_KEY__" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "language": "en",
    "timezone": "America/New_York",
    "notifications": {
      "product_updates": false,
      "billing_notifications": true
    }
  }'
import requests

response = requests.put(
    "https://api.proxyhat.com/v1/profile/preferences",
    headers={
        "Authorization": "Bearer __API_KEY__",
        "Content-Type": "application/json",
        "Accept": "application/json",
    },
    json={
        "language": "en",
        "timezone": "America/New_York",
        "notifications": {
            "product_updates": False,
            "billing_notifications": True,
        },
    },
)

data = response.json()
print(data["message"])
print(data["preferences"]["timezone"])
const response = await fetch("https://api.proxyhat.com/v1/profile/preferences", {
  method: "PUT",
  headers: {
    "Authorization": "Bearer __API_KEY__",
    "Content-Type": "application/json",
    "Accept": "application/json",
  },
  body: JSON.stringify({
    language: "en",
    timezone: "America/New_York",
    notifications: {
      product_updates: false,
      billing_notifications: true,
    },
  }),
});

const { message, preferences } = await response.json();
console.log(message, preferences.timezone);
payload := strings.NewReader(`{
  "language": "en",
  "timezone": "America/New_York",
  "notifications": {
    "product_updates": false,
    "billing_notifications": true
  }
}`)

req, _ := http.NewRequest("PUT", "https://api.proxyhat.com/v1/profile/preferences", payload)
req.Header.Set("Authorization", "Bearer __API_KEY__")
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Accept", "application/json")

resp, err := http.DefaultClient.Do(req)
if err != nil {
    log.Fatal(err)
}
defer resp.Body.Close()

var result map[string]interface{}
json.NewDecoder(resp.Body).Decode(&result)
fmt.Println(result["message"])
security_alerts is always on. There is no security_alerts input — if you send a notifications object the server forces security_alerts to true so that account-security emails can never be disabled. There is also no theme preference on this endpoint.

API Keys

API keys are personal access tokens. Send one as Authorization: Bearer <token> to authenticate any endpoint marked Requires Auth. The full token string is shown once, at creation or regeneration time only.

GET /v1/profile/api-keys Requires Auth

List API Keys

List API Keys

Retrieve all API keys belonging to the authenticated account. Returns a bare JSON array of key metadata — id, name, timestamps, and abilities. The token value itself is never included.

No input needed — runs live with your key
curl https://api.proxyhat.com/v1/profile/api-keys \
  -H "Authorization: Bearer __API_KEY__" \
  -H "Accept: application/json"
import requests

response = requests.get(
    "https://api.proxyhat.com/v1/profile/api-keys",
    headers={
        "Authorization": "Bearer __API_KEY__",
        "Accept": "application/json",
    },
)

keys = response.json()
for key in keys:
    print(f"{key[\"name\"]} (id {key[\"id\"]}) — last used: {key[\"last_used_at\"]}")
const response = await fetch("https://api.proxyhat.com/v1/profile/api-keys", {
  headers: {
    "Authorization": "Bearer __API_KEY__",
    "Accept": "application/json",
  },
});

const keys = await response.json();
keys.forEach(k => console.log(`${k.name} (id ${k.id}) — last used: ${k.last_used_at}`));
req, _ := http.NewRequest("GET", "https://api.proxyhat.com/v1/profile/api-keys", nil)
req.Header.Set("Authorization", "Bearer __API_KEY__")
req.Header.Set("Accept", "application/json")

resp, err := http.DefaultClient.Do(req)
if err != nil {
    log.Fatal(err)
}
defer resp.Body.Close()

var keys []map[string]interface{}
json.NewDecoder(resp.Body).Decode(&keys)
for _, k := range keys {
    fmt.Printf("%v (id %v) — last used: %v\n", k["name"], k["id"], k["last_used_at"])
}
POST /v1/profile/api-keys Requires Auth

Create API Key

Create API Key

Create a new API key for the authenticated account. The response includes plain_text_token — the only time the token value is ever returned. Store it securely; it cannot be retrieved again.

Example request: name
Request Body
Name Type Required Description
name string Optional A friendly name to identify the key (e.g. "Production Key", "CI/CD"). Defaults to "API key <timestamp>" (e.g. "API key 2026-07-08 12:34:56") if omitted.
abilities array Optional List of scopes granted to the token. Defaults to ["*"] (full access) if omitted.
curl -X POST https://api.proxyhat.com/v1/profile/api-keys \
  -H "Authorization: Bearer __API_KEY__" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "name": "Production Key",
    "abilities": ["*"]
  }'
import requests

response = requests.post(
    "https://api.proxyhat.com/v1/profile/api-keys",
    headers={
        "Authorization": "Bearer __API_KEY__",
        "Content-Type": "application/json",
        "Accept": "application/json",
    },
    json={
        "name": "Production Key",
        "abilities": ["*"],
    },
)

key = response.json()
# Store this token securely — it will not be shown again
print(f"Token: {key[\"plain_text_token\"]}")
const response = await fetch("https://api.proxyhat.com/v1/profile/api-keys", {
  method: "POST",
  headers: {
    "Authorization": "Bearer __API_KEY__",
    "Content-Type": "application/json",
    "Accept": "application/json",
  },
  body: JSON.stringify({
    name: "Production Key",
    abilities: ["*"],
  }),
});

const key = await response.json();
// Store this token securely — it will not be shown again
console.log(`Token: ${key.plain_text_token}`);
payload := strings.NewReader(`{
  "name": "Production Key",
  "abilities": ["*"]
}`)

req, _ := http.NewRequest("POST", "https://api.proxyhat.com/v1/profile/api-keys", payload)
req.Header.Set("Authorization", "Bearer __API_KEY__")
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Accept", "application/json")

resp, err := http.DefaultClient.Do(req)
if err != nil {
    log.Fatal(err)
}
defer resp.Body.Close()

var key map[string]interface{}
json.NewDecoder(resp.Body).Decode(&key)
// Store this token securely — it will not be shown again
fmt.Println("Token:", key["plain_text_token"])
Store the token now. plain_text_token is returned only in this response (and on regenerate). It is the raw token value — use it directly as Authorization: Bearer <plain_text_token>. If you lose it, you must regenerate the key to obtain a new one.
DELETE /v1/profile/api-keys/{id} Requires Auth

Delete API Key

Delete API Key

Permanently revoke and delete an API key by its numeric id. Any request using this key's token will immediately stop working. Returns 404 if the id does not belong to your account.

Example request: id
Path Parameters
Name Type Required Description
id integer Required The numeric id of the API key to delete (from the list endpoint).
curl -X DELETE https://api.proxyhat.com/v1/profile/api-keys/2 \
  -H "Authorization: Bearer __API_KEY__" \
  -H "Accept: application/json"
import requests

key_id = 2

response = requests.delete(
    f"https://api.proxyhat.com/v1/profile/api-keys/{key_id}",
    headers={
        "Authorization": "Bearer __API_KEY__",
        "Accept": "application/json",
    },
)

result = response.json()
print(result["message"])
const keyId = 2;

const response = await fetch(`https://api.proxyhat.com/v1/profile/api-keys/${keyId}`, {
  method: "DELETE",
  headers: {
    "Authorization": "Bearer __API_KEY__",
    "Accept": "application/json",
  },
});

const result = await response.json();
console.log(result.message);
keyID := 2
url := fmt.Sprintf("https://api.proxyhat.com/v1/profile/api-keys/%d", keyID)

req, _ := http.NewRequest("DELETE", url, nil)
req.Header.Set("Authorization", "Bearer __API_KEY__")
req.Header.Set("Accept", "application/json")

resp, err := http.DefaultClient.Do(req)
if err != nil {
    log.Fatal(err)
}
defer resp.Body.Close()

var result map[string]interface{}
json.NewDecoder(resp.Body).Decode(&result)
fmt.Println(result["message"])
POST /v1/profile/api-keys/{id}/regenerate Requires Auth

Regenerate API Key

Regenerate API Key

Regenerate an existing API key. The old token is immediately deleted and a new one is issued with the same name and abilities. The response returns a fresh plain_text_token — store it, as it cannot be retrieved again. Returns 404 if the id does not belong to your account.

Example request: id
Path Parameters
Name Type Required Description
id integer Required The numeric id of the API key to regenerate.
curl -X POST https://api.proxyhat.com/v1/profile/api-keys/2/regenerate \
  -H "Authorization: Bearer __API_KEY__" \
  -H "Accept: application/json"
import requests

key_id = 2

response = requests.post(
    f"https://api.proxyhat.com/v1/profile/api-keys/{key_id}/regenerate",
    headers={
        "Authorization": "Bearer __API_KEY__",
        "Accept": "application/json",
    },
)

key = response.json()
# Store this new token securely — it will not be shown again
print(f"New token: {key[\"plain_text_token\"]}")
const keyId = 2;

const response = await fetch(`https://api.proxyhat.com/v1/profile/api-keys/${keyId}/regenerate`, {
  method: "POST",
  headers: {
    "Authorization": "Bearer __API_KEY__",
    "Accept": "application/json",
  },
});

const key = await response.json();
// Store this new token securely — it will not be shown again
console.log(`New token: ${key.plain_text_token}`);
keyID := 2
url := fmt.Sprintf("https://api.proxyhat.com/v1/profile/api-keys/%d/regenerate", keyID)

req, _ := http.NewRequest("POST", url, nil)
req.Header.Set("Authorization", "Bearer __API_KEY__")
req.Header.Set("Accept", "application/json")

resp, err := http.DefaultClient.Do(req)
if err != nil {
    log.Fatal(err)
}
defer resp.Body.Close()

var key map[string]interface{}
json.NewDecoder(resp.Body).Decode(&key)
// Store this new token securely — it will not be shown again
fmt.Println("New token:", key["plain_text_token"])
Changing your account password revokes every API key. When you update your password, all existing personal access tokens are deleted server-side and stop working immediately. After a password change you must create new API keys and update any integrations that used the old ones.