Authentication
The Hubify API supports two authentication methods: API keys (for server-to-server) and Clerk JWT tokens (for user sessions).
API Keys
API keys are long-lived credentials for programmatic access. Create them from the CLI or web UI.
Creating an API Key
API keys are shown only once at creation. Store them securely. If lost, revoke and create a new one.
Using an API Key
Scopes
Clerk JWT Tokens
For user-facing applications, use Clerk JWT tokens obtained through the Clerk authentication flow.
Obtaining a Token
Token Refresh
Clerk tokens expire after 60 seconds. Use the Clerk SDK’s automatic refresh mechanism for long-lived sessions.
Environment Variables
Security Best Practices
- Use the narrowest possible scopes for API keys
- Rotate API keys regularly (every 90 days recommended)
- Never commit API keys to version control
- Use environment variables for all credentials
- Prefer Clerk JWT tokens for user-facing applications
- Revoke compromised keys immediately with
hubify auth api-key revoke <key>