Authentication

The ProxyHat API uses Bearer token authentication. Include your API key in every request's Authorization header.

Bearer Tokens

Every authenticated API request must include the Authorization header with your Bearer token:

Authorization: Bearer YOUR_API_KEY

Getting an API Key

There are two ways to get an API key:

Via Dashboard

Navigate to the API page in your dashboard and create a new API key. The key is displayed once — copy and store it securely.

Via API

You can also create API keys programmatically:

  1. Register or log in to get an access token
  2. Use that token to call POST /v1/profile/api-keys
  3. The response includes a plain_text_token — store it securely

Authentication Examples

cURL

curl https://api.proxyhat.com/v1/auth/user \
  -H "Authorization: Bearer __API_KEY__" \
  -H "Accept: application/json"

Python

import requests

headers = {
    "Authorization": "Bearer __API_KEY__",
    "Accept": "application/json",
}

# Set a timeout so a stalled connection cannot hang the caller.
response = requests.get("https://api.proxyhat.com/v1/auth/user", headers=headers, timeout=10)
print(response.json())

JavaScript

const response = await fetch("https://api.proxyhat.com/v1/auth/user", {
  headers: {
    "Authorization": "Bearer __API_KEY__",
    "Accept": "application/json",
  },
});

const data = await response.json();
console.log(data);

Go

package main

import (
    "log"
    "net/http"
)

func main() {
    req, _ := http.NewRequest("GET", "https://api.proxyhat.com/v1/auth/user", nil)
    req.Header.Set("Authorization", "Bearer __API_KEY__")
    req.Header.Set("Accept", "application/json")
    // Send the request and close the response body when done.
    resp, err := http.DefaultClient.Do(req)
    if err != nil {
        log.Fatal(err)
    }
    defer resp.Body.Close()
}

Token Security

Important: Treat your API key like a password. Do not expose it in client-side code or public repositories, and do not share it with others. If it is compromised, regenerate it immediately from the dashboard or via the API.

Authentication Errors

If your token is missing or invalid, the API returns 401 Unauthorized:

{
  "message": "Unauthenticated."
}

If two-factor authentication is enabled and required, the API returns 403 Forbidden:

{
  "message": "Two-factor authentication required.",
  "requires_2fa": true
}
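
The following is an added example, not ProxyHat's own code: a key check that keeps the key out of source by reading it from the environment, and maps the two documented error responses to distinct outcomes. The variable name PROXYHAT_API_KEY and the outcome labels are assumptions made for this example.

```python
import json
import os
import urllib.error
import urllib.request

API_URL = "https://api.proxyhat.com/v1/auth/user"  # endpoint used in the examples above
ENV_VAR = "PROXYHAT_API_KEY"  # assumed variable name, not defined by ProxyHat


def load_api_key(env=os.environ):
    """Read the key from the environment so it never lands in source control."""
    key = env.get(ENV_VAR, "").strip()
    # Reject empty keys and embedded whitespace or control characters (header injection).
    if not key or any(c.isspace() or ord(c) < 0x20 for c in key):
        raise ValueError(f"{ENV_VAR} is unset or malformed")
    return key


def classify(status, body):
    """Map a status code and raw response body to one of four outcome labels."""
    try:
        data = json.loads(body) if body else {}
    except ValueError:
        data = {}  # non-JSON body, e.g. an error page from an intermediary
    needs_2fa = isinstance(data, dict) and data.get("requires_2fa") is True
    if 200 <= status < 300:
        return "ok"
    if status == 401:
        return "invalid_key"  # token missing or invalid: check or regenerate it
    if status == 403 and needs_2fa:
        return "needs_2fa"  # the documented 403 body with requires_2fa set
    return "other_error"


def check_key(key, timeout=10):
    """Call the API once with the key and classify the answer."""
    req = urllib.request.Request(API_URL, headers={
        "Authorization": f"Bearer {key}", "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # urllib raises on 4xx and 5xx
        return classify(err.code, err.read())


if __name__ == "__main__":
    print(check_key(load_api_key()))
```

Neither the key nor the response body is printed, so the output is safe to keep in CI logs.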