Authentication
Learn how to authenticate with the Holo API.
The Holo API supports two authentication methods: API keys for simple integrations and OAuth 2.0 for more advanced use cases.
API Key Authentication
API keys are the simplest way to authenticate:
- Navigate to Settings → API & Integrations
- Click "Generate API Key"
- Give your key a descriptive name
- Copy the key immediately (you won't be able to see it again)
- Include the key in API requests using the Authorization header
Using API Keys
Include your API key in the Authorization header:
Authorization: Bearer YOUR_API_KEYOAuth 2.0 Authentication
For applications that need user-specific access:
- Register your application to get client credentials
- Implement OAuth 2.0 authorization flow
- Obtain access tokens for API requests
- Refresh tokens when they expire
Security Best Practices
- Never commit API keys to version control
- Store keys securely (environment variables, secret managers)
- Rotate keys regularly
- Use different keys for different environments
- Revoke keys that are no longer needed
- Monitor API usage for suspicious activity
Token Expiration
API keys don't expire, but OAuth tokens do:
- Access tokens typically expire after 1 hour
- Use refresh tokens to obtain new access tokens
- Handle token expiration gracefully in your code
💡 Pro Tip
Start with API key authentication for testing and simple integrations. Use OAuth 2.0 when you need user-specific access or are building a public application.