Skip to main content

Overview

The Hoox API uses API keys to authenticate requests. Your API key must be included in the Authorization header of all your requests.

API Key Format

Hoox API keys follow this format:
  • Production: hx_live_ followed by 64 hexadecimal characters
Example: hx_live_1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef

Generating an API Key

1

Access settings

Log in to your Hoox dashboard and go to Your Space > Settings > API.
2

Check your plan

Make sure you have an Enterprise plan. API access is only available for this plan.
3

Generate the key

Click Generate API Key and give it a descriptive name.
4

Save the key

Important: Copy and save your key immediately. It will never be displayed again.

Using the API Key

Authentication Header

All requests must include the Authorization header: 
Authorization: Bearer hx_live_your_api_key_here

Implementation Examples

curl -X GET "https://app.hoox.video/api/public/v1/resources/voices" \
  -H "Authorization: Bearer hx_live_your_api_key_here"

API Key Management

Revoking a Key

If your key is compromised:
  1. Go to Settings > API
  2. Click Revoke next to your key
  3. Generate a new key immediately
  4. Update your applications with the new key

Regeneration

To renew your key:
  1. Click Regenerate in the API settings
  2. The old key will be immediately revoked
  3. Save the new key
  4. Update your applications
Regeneration immediately revokes the old key. Make sure to update all your applications.

Security

Best Practices

  • Store your keys in environment variables
  • Never commit keys to source code
  • Use secret managers in production
  • Regenerate your keys regularly (every 3-6 months)
  • Monitor your key usage
  • Immediately revoke compromised keys
  • Limit API key access to necessary personnel only
  • Use different keys for different environments
  • Monitor usage logs

Environment Variables

HOOX_API_KEY=hx_live_your_api_key_here
HOOX_API_URL=https://app.hoox.video/api/public/v1

Authentication Errors

Common Error Codes

CodeStatusDescription
invalid_api_key401Invalid or missing API key
plan_required403Enterprise plan required
rate_limit_exceeded429Rate limit exceeded

Error Response Example

{
  "error": "Invalid API key",
  "details": [
    {
      "code": "invalid_api_key",
      "message": "The provided API key is invalid or has been revoked"
    }
  ]
}

Rate Limiting

Each API key has rate limits:
  • 100 requests per minute for Enterprise plan
  • Limits are applied per workspace
  • Response headers indicate your current usage

Rate Limiting Headers

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1640995200
Monitor the X-RateLimit-* headers to avoid exceeding your limits.
I