API keys authenticate the CLI and allow programmatic access to your HookReplay account.
API keys are secure tokens that authenticate requests to HookReplay's services. They're used by:
Treat API keys like passwords. Never commit them to version control or share them publicly.
Navigate to Settings → API Keys in your account.
Click the button to generate a new API key.
Give your key a descriptive name (e.g., "MacBook CLI", "CI/CD Pipeline", "Development").
Copy the key immediately. For security, the full key is only shown once.
API keys are only displayed in full once. If you lose it, you'll need to create a new one.
HookReplay API keys follow this format:
hr_xxxxxxxxxxxxxxxxxxxxxxxxxxxx
The hr_ prefix makes it easy to identify HookReplay keys in your codebase or environment.
Configure your API key using the interactive CLI:
# Start the CLI hookreplay # Configure your API key (saved to ~/.hookreplay/config.json) config api-key hr_xxxxxxxxxxxx # Connect to the server connect
The API key is stored in your config file at:
~/.hookreplay/config.json
View your current configuration at any time:
● hookreplay> config ┌─────────────┬──────────────────────────┐ │ Setting │ Value │ ├─────────────┼──────────────────────────┤ │ API Key │ hr_xxxxx**** │ │ Server URL │ https://hookreplay.dev │ └─────────────┴──────────────────────────┘
Go to Settings → API Keys to see all your active keys, including their names and creation dates.
Click the delete button next to any key to revoke it immediately. The key will stop working instantly.
When you revoke a key, any CLI sessions using it will disconnect immediately.
Never hardcode API keys in your code. Use environment variables instead.
Create separate keys for each device or service for easy revocation.
Periodically rotate your API keys, especially after team members leave.
Ensure .env files containing keys are in your .gitignore.
If you believe an API key has been compromised: