API Keys
The hb api-keys commands create and manage API keys for programmatic access to the Humanbound platform — the credential CI/CD pipelines, automation scripts, and SIEM forwarders use to authenticate. Keys are issued with one of three scopes (admin, write, read) and shown only once at creation. The commands cover create, list, update (rename, activate, deactivate), and revoke.
List API Keys
Create API Key
# Create key (shows key once!)
hb api-keys create --name "CI Key"
# Create scoped key
hb api-keys create --name "CI Key" --scopes read
Important
API keys are shown only once during creation. Store them securely. If lost, you must revoke and create a new key.
Update API Key
# Update name
hb api-keys update <id> --name "New Name"
# Activate key
hb api-keys update <id> --active
# Deactivate key
hb api-keys update <id> --inactive
Revoke API Key
# Revoke with confirmation
hb api-keys delete <id>
# Skip confirmation
hb api-keys delete <id> --force
Scopes
- admin: Full access including user management and sensitive operations
- write: Create and modify projects, run tests, update findings
- read: View-only access to projects, experiments, and results
Frequently asked questions
How do I create a Humanbound API key?
Run hb api-keys create --name "CI Key" to create a key. The key value is shown only once during creation — store it securely immediately, because it cannot be retrieved again.
What happens if I lose my API key?
API keys are shown only once during creation. If lost, you must revoke the existing key with hb api-keys delete <id> and create a new one.
What scopes are available for API keys?
Three scopes are available — admin for full access including user management and sensitive operations, write for creating and modifying projects and running tests, and read for view-only access to projects, experiments, and results.
How do I deactivate an API key without deleting it?
Run hb api-keys update <id> --inactive to deactivate a key. You can reactivate it later with hb api-keys update <id> --active.