ghub_sk_ prefix sent in the Authorization: Bearer header.
Key format
| Type | Prefix | Use |
|---|---|---|
| Production | ghub_sk_live_ | Real calls, consume balance |
| Sandbox (coming soon) | ghub_sk_test_ | Testing without balance |
ghub_sk_live_ prefix (13 chars) + 32 random chars.
Generate an API key
- Go to the dashboard
- Click New API key
- Give it a descriptive name (
prod-web,ci-bot,staging) - We show the key only once — save it before closing
Use your API key
Pass it in theAuthorization header:
Best practices
Don't hardcode keys in code
Don't hardcode keys in code
Use environment variables (
process.env.GEEKHUB_API_KEY) or secrets services (AWS Secrets Manager, Vault, etc).One key per environment / app
One key per environment / app
Create separate keys for production, staging, CI, etc. If one is compromised, you only revoke that one.
Revoke unused keys
Revoke unused keys
In the dashboard, unused keys appear marked. Revoke them to reduce attack surface.
Rotate periodically
Rotate periodically
Every 90 days: generate new, deploy, revoke the old one.
Common authentication errors
| HTTP code | Message | Cause |
|---|---|---|
401 | missing_api_key | You didn’t send the Authorization header |
401 | invalid_api_key | Key doesn’t exist or is revoked |
402 | insufficient_balance | Your balance is ≤ $0 MXN, top up |