Skip to main content
All API requests require authentication. The recommended method for external integrations is an API key. Create an API key in Help GenieSettingsAPI KeysCreate Key. The full key is shown once — copy it immediately and store it securely. Keys use the hg_live_ prefix. Pass your key using either method: 
curl https://api.helpgenie.ai/v1/genies \
  -H "Authorization: Bearer hg_live_YOUR_KEY"
Key details:
  • Don’t expire — work until revoked
  • Rate limited: 60 requests/minute per key
  • Max 5 active keys per user
  • Keys carry the same permissions as the user who created them

Method 2: Session Token (for browser/app contexts)

For browser-based applications, authenticate with Supabase Auth: 
import { createClient } from "@supabase/supabase-js";

const supabase = createClient(
  "https://<project-ref>.supabase.co",
  "<anon-key>"
);

const { data, error } = await supabase.auth.signInWithPassword({
  email: "user@example.com",
  password: "your-password",
});

const accessToken = data.session?.access_token;
Then include the token in the Authorization header: 
Authorization: Bearer <session_access_token>
Session tokens expire after ~1 hour. The Supabase client handles refresh automatically.

Making authenticated requests

curl https://api.helpgenie.ai/v1/genies \
  -H "Authorization: Bearer hg_live_YOUR_KEY"

Authentication errors

Error codeHTTP statusDescription
UNAUTHORIZED401No authentication header provided.
INVALID_KEY_PREFIX401API key doesn’t start with hg_live_ or hg_admin_.
KEY_NOT_FOUND401API key not found or has been revoked.
INVALID_TOKEN401Session token is malformed, expired, or revoked.
Example error response: 
{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "No authentication provided. Include an Authorization header with 'Bearer hg_live_YOUR_KEY' or set the X-API-Key header.",
    "status": 401
  }
}
See Error handling for the complete error reference.