The Humalike API authenticates every request with a bearer token. There are
no unauthenticated API endpoints.
Send your token
Include the token in the Authorization header on every request:
Get a token
Your token is issued to your account and represents your session. Obtain it from
the Humalike dashboard and supply it with each request from your application.
Treat your token like a password. Keep it server-side, never embed it in
client-side code or commit it to source control, and rotate it if it leaks.
Failed authentication
A request with a missing, malformed, or expired token is rejected with 401
and the standard error envelope:
To resolve a 401, confirm the Authorization header is present, correctly
formatted as Bearer <token>, and that the token has not expired.
Credits
A valid token gets you authenticated; billable calls also need a credit
balance. Your first billable call provisions the account and grants its initial
allowance automatically. Each billable request is priced and checked against
your balance before it runs: a request your balance can’t cover is rejected
with 402 Payment Required and is not charged.
See Credits and billing for how billing works and how to
handle a 402, and Read your usage for pulling
your own billing data.