Breeder API

Breeder API — API key management

How to create, list, and revoke API keys for the Herpify Breeder API.

Overview

API keys are how you authenticate programmatic requests to the Herpify Breeder API. You can have up to 10 active keys at once. Keys are shown only once when created — store them immediately in a secrets manager or environment variable.

List your API keys

Returns all active (non-revoked) API keys for your account. The raw key value is never returned after creation — only the prefix, name, and metadata.

GET /api/breeder/api-keys

curl https://herpify.com/api/breeder/api-keys \
  -H "Authorization: Bearer hm_live_your_key_here"

Response

{
  "data": [
    {
      "id": "clx1a2b3c4d5e",
      "name": "Production sync",
      "prefix": "hm_live_a1b2c3d4",
      "lastUsedAt": "2026-05-06T10:30:00.000Z",
      "expiresAt": null,
      "createdAt": "2026-03-01T09:00:00.000Z"
    }
  ]
}

Create an API key

Generates a new API key. The raw key value (`key`) is returned only in this response and cannot be retrieved again. Optionally set an expiry date.

ParameterTypeRequiredDescription
namestringRequiredA label to identify this key (max 100 characters)
expiresAtISO 8601 date stringOptionalOptional expiry date — key stops working after this date

POST /api/breeder/api-keys

curl -X POST https://herpify.com/api/breeder/api-keys \
  -H "Authorization: Bearer hm_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{"name": "My automation script"}'

Response (201 Created) — key shown only once

{
  "data": {
    "id": "clx1a2b3c4d5e",
    "name": "My automation script",
    "prefix": "hm_live_a1b2c3d4",
    "key": "hm_live_a1b2c3d4e5f6g7h8i9j0...",
    "warning": "Store this key securely. It will not be shown again.",
    "expiresAt": null,
    "createdAt": "2026-05-07T12:00:00.000Z"
  }
}

Important note

You can have at most 10 active keys. If you hit the limit, revoke an existing key first.

Revoke an API key

Permanently revokes a key. The key immediately stops working. This cannot be undone.

DELETE /api/breeder/api-keys/{id}

curl -X DELETE https://herpify.com/api/breeder/api-keys/clx1a2b3c4d5e \
  -H "Authorization: Bearer hm_live_your_key_here"

Security best practices

Keep your API keys safe:

  • Store keys in environment variables or a secrets manager — never in source code
  • Never commit keys to a git repository (use .gitignore for .env files)
  • Use separate keys for different environments (dev, staging, production)
  • Set an expiry date on keys used by scripts that have a known end date
  • Rotate keys regularly — revoke old ones after creating replacements

Was this article helpful?