Skip to main content

Authentication

The Hubify API supports two authentication methods: API keys (for server-to-server) and Clerk JWT tokens (for user sessions).

API Keys

API keys are long-lived credentials for programmatic access. Create them from the CLI or web UI.

Creating an API Key

API keys are shown only once at creation. Store them securely. If lost, revoke and create a new one.

Using an API Key

Scopes

Clerk JWT Tokens

For user-facing applications, use Clerk JWT tokens obtained through the Clerk authentication flow.

Obtaining a Token

Token Refresh

Clerk tokens expire after 60 seconds. Use the Clerk SDK’s automatic refresh mechanism for long-lived sessions.

Environment Variables

Security Best Practices

  • Use the narrowest possible scopes for API keys
  • Rotate API keys regularly (every 90 days recommended)
  • Never commit API keys to version control
  • Use environment variables for all credentials
  • Prefer Clerk JWT tokens for user-facing applications
  • Revoke compromised keys immediately with hubify auth api-key revoke <key>