API Keys
API keys authenticate your requests to the Kanva API.
Overview
Every API request must include a valid API key. Keys are scoped to a specific project and grant access to all operations within that project.
Key Format
Kanva API keys follow this format:
hd_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
- Prefix:
hd_(Human-Driven) - 32 character alphanumeric string
Creating API Keys
- Log in to Kanva
- Select your project
- Go to Settings > API Keys
- Click Create New Key
- Give it a descriptive name (e.g., "Production Server", "Development")
- Copy the key immediately - it won't be shown again
Using API Keys
Include the key in the X-API-Key header:
curl -X POST "https://kanva.human-driven.ai/api/v1/projects/{id}/predict" \
-H "X-API-Key: hd_your_key_here" \
-H "Content-Type: application/json" \
-d '{"input": {...}}'
Key Management
Viewing Active Keys
The API Keys page shows:
- Key name
- Creation date
- Last used timestamp
- Partial key (last 4 characters)
Revoking Keys
To revoke a key:
- Go to Settings > API Keys
- Find the key you want to revoke
- Click Revoke
- Confirm the action
warning
Revoked keys cannot be restored. Any application using the key will immediately lose access.
Best Practices
Environment Variables
Never hardcode API keys in your source code:
import os
API_KEY = os.environ.get("KANVA_API_KEY")
if not API_KEY:
raise ValueError("KANVA_API_KEY environment variable not set")
Separate Keys for Environments
Create different keys for:
- Development
- Staging
- Production
This limits blast radius if a key is compromised.
Regular Rotation
Rotate API keys periodically:
- Create a new key
- Update your applications
- Revoke the old key
Monitoring
Review the "Last Used" column regularly to identify:
- Unused keys that can be revoked
- Unexpected usage patterns