Skip to main content
Every request to a versioned endpoint (/v1/...) must include a valid API key. Keys are free; create one in the dashboard.

API keys

  • Keys are organization-scoped and look like haau3_sk_….
  • A key’s secret is shown once at creation. Store it securely. If it’s lost, revoke it and create a new one.
  • Keys are stored hashed at rest, so haau3 cannot recover a secret after it’s shown.

Sending your key

Send the key as a Bearer token in the Authorization header: 
curl -s https://api.haau3.com/v1/scheduling/slots \
  -H "Authorization: Bearer haau3_sk_your_key_here"
The x-api-key: haau3_sk_… header is also accepted in place of Authorization: Bearer.

The 401 contract

A missing or invalid key returns 401 Unauthorized: 
{
  "error": "API key required",
  "message": "Create a free key in the dashboard. See https://platform.haau3.com/docs"
}
A valid key returns 200. There are no rate limits or usage charges today, and a free key grants full access. Paid tiers and usage limits are planned, and they’ll be documented here before they take effect.

Keeping keys safe

Treat API keys like passwords. Don’t commit them to source control or expose them in client-side code. Use server-side requests or a secrets manager, and revoke any key you believe is compromised.