Skip to main content

Creating a key

  1. Sign in at hermai.ai/dashboard
  2. Go to API Keys
  3. Click Create key, give it a label
  4. Copy the key. It is shown once and cannot be retrieved later.
Keys look like: hm_sk_abc123...

Using a key

Pass it as a Bearer token in the Authorization header:
You also use the same Bearer token for catalog and package routes:

What a key gives you

Schema access toggle

Each API key has a schema access setting that controls whether unverified schemas are included in catalog responses:
  • Verified only: catalog returns only schemas that have been reviewed and verified by the Hermai team. Safest option.
  • All schemas (default): includes both verified and unverified community contributions. More coverage, less curation.
You can change this per-key in the dashboard under API Keys > Schema access.

Revoking a key

Go to Dashboard > API Keys, find the key, and click Revoke. The key stops working immediately. Revocation is permanent. Create a new key if you need one.

Security

  • Keys authenticate your requests. They are not used for request signing, just Bearer token auth.
  • Store keys securely. Don’t commit them to source control.
  • Each key is independently revocable, so you can rotate one without affecting others.
  • Keys are hashed server-side. We cannot recover a lost key.