Authentication
All API v2 endpoints require an API key passed in the X-API-Key request header.
Getting an API key
Keys are project-scoped — each key grants access to exactly one project.
- Open your project in the Hinto app
- Go to Settings → API Keys & Webhooks
- Click New API Key
- Select the scopes the key needs (see below)
- Copy the key — it is shown only once
Using your key
Pass it as a header on every request:
X-API-Key: hinto_your_key_here
Example:
curl https://app.hintoai.com/api/external/v2/project \
-H "X-API-Key: hinto_your_key_here"
Scopes
Each key is assigned one or more scopes. Endpoints declare the minimum scope required — a request is rejected if the key lacks that scope.
| Scope | What it allows |
|---|---|
| read | List and get articles, folders, videos, project info, templates |
| write | Create, update, delete, and move articles and folders; delete videos |
| generate | Start content generation and structure jobs; import videos |
| publish | Publish, republish, and unpublish the project |
When creating a key, grant only the scopes your integration actually needs.
Error responses
All errors use this shape:
{
"error": {
"code": "UNAUTHORIZED",
"message": "Missing or invalid API key"
}
}
Common auth error codes:
| Code | HTTP | Meaning |
|---|---|---|
| UNAUTHORIZED | 401 | Key missing, invalid, expired, or revoked |
| INSUFFICIENT_SCOPE | 403 | Key valid but lacks the required scope |
| RATE_LIMITED | 429 | 60 requests/minute per key — retry after Retry-After seconds |