curl -X POST 'https://api.hitl.sh/v1/loops' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "Content Moderation",
    "description": "Review flagged content for inappropriate material"
  }'

{
  "id": "loop_abc123",
  "name": "Content Moderation",
  "description": "Review flagged content for inappropriate material",
  "status": "active",
  "created_at": "2024-01-15T10:30:00Z"
}

API Keys

API keys are your secure credentials for integrating HITL.sh with your applications, workflows, and third-party tools. They authenticate your requests and ensure only authorized systems can interact with your loops and data.

Understanding API Keys

API keys in HITL.sh serve as your application’s identity and provide secure access to:
  • Loop Management: Create, update, and delete loops
  • Request Submission: Send requests for human review
  • Response Retrieval: Fetch human decisions and feedback
  • Webhook Configuration: Set up event notifications
  • Analytics Access: Retrieve performance metrics and reports
Keep your API keys secure and never expose them in client-side code or public repositories. Treat them like passwords.

Generating Your First API Key

1

Access API Settings

Navigate to your dashboard and click on “Settings” → “API Keys” in the sidebar.
2

Create New Key

Click the “Generate New API Key” button to create a new key.
3

Configure Permissions

Set the appropriate permissions for your use case:
  • Read: View loops, requests, and responses
  • Write: Create and update loops and requests
  • Admin: Full access including deletion and user management
4

Copy and Store

Copy the generated API key immediately and store it securely. You won’t be able to see the full key again.
API keys are generated as 64-character hexadecimal strings. Store them securely in environment variables or secure configuration files.

API Key Management

Viewing Active Keys

Your dashboard shows all active API keys with their:
  • Name: Descriptive label for easy identification
  • Permissions: Access level granted to the key
  • Created Date: When the key was generated
  • Last Used: Most recent activity timestamp
  • Status: Active, suspended, or expired

Key Permissions

Security Best Practices

Environment Variables

Store API keys in environment variables, never hardcode them in your source code.

Key Rotation

Regularly rotate your API keys to minimize the impact of potential compromises.

Scope Permissions

Grant only the minimum permissions necessary for each integration.

Monitor Usage

Regularly review API key usage to detect unauthorized access.

Using API Keys

Authentication Header

Include your API key in the Authorization header of all API requests: 
Authorization: Bearer YOUR_API_KEY_HERE

Example API Request

curl -X POST 'https://api.hitl.sh/v1/loops' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "Content Moderation",
    "description": "Review flagged content for inappropriate material"
  }'

{
  "id": "loop_abc123",
  "name": "Content Moderation",
  "description": "Review flagged content for inappropriate material",
  "status": "active",
  "created_at": "2024-01-15T10:30:00Z"
}

Integration Examples

Python Integration

import requests

api_key = "YOUR_API_KEY"
base_url = "https://api.hitl.sh/v1"

headers = {
    "Authorization": f"Bearer {api_key}",
    "Content-Type": "application/json"
}

# Create a new loop
response = requests.post(
    f"{base_url}/loops",
    headers=headers,
    json={
        "name": "Quality Review",
        "description": "Review AI-generated content quality"
    }
)

Node.js Integration

const axios = require('axios');

const apiKey = 'YOUR_API_KEY';
const baseURL = 'https://api.hitl.sh/v1';

const client = axios.create({
  baseURL,
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  }
});

// Submit a request for review
const submitRequest = async (loopId, content) => {
  try {
    const response = await client.post(`/loops/${loopId}/requests`, {
      content,
      priority: 'high'
    });
    return response.data;
  } catch (error) {
    console.error('Error submitting request:', error);
  }
};

Troubleshooting

Common Issues

Next Steps

With your API key configured, you’re ready to:

Create Your First Loop

Set up a human-in-the-loop workflow using the API.

Explore API Reference

Learn about all available API endpoints and parameters.