Skip to main content

Overview

Hiveku uses Clerk for authentication. All API requests must include a valid session token.

Session Tokens

When authenticated via the Hiveku dashboard, API requests are automatically authenticated through Clerk’s session management. For programmatic access, include your session token in the Authorization header: 
curl -X GET https://app.hiveku.com/api/builder/dashboard/stats \
  -H "Authorization: Bearer YOUR_SESSION_TOKEN"

Multi-Tenant Context

Hiveku is multi-tenant — every request is scoped to your organization (account). The organization is determined from your authenticated session. All data queries are automatically filtered by account_id, so you only see data belonging to your organization.

Permissions

API permissions follow the same rules as the dashboard:
  • Owner — Full access to all features and settings
  • Admin — Manage projects, team members, and billing
  • Member — Create and edit projects, access marketing and CRM

Getting Your Session Token

For development and testing:
  1. Sign in to app.hiveku.com
  2. Open your browser’s developer tools
  3. Go to Application > Cookies
  4. Find the __session cookie value
Session tokens expire. For long-lived integrations, consider using Clerk’s API key authentication or webhooks instead of session tokens.

Webhook Authentication

Hiveku sends webhook events with a signature header for verification: 
X-Hiveku-Signature: sha256=abc123...
Verify the signature against your webhook secret to ensure the request is authentic.