API keys, without the footguns
Leaked keys auto-revoked·For users and for teams·Drop-in management UI
Create a key, ship the UI, sleep at night
One call to create·Pre-built management screen·Same SDK on user and team
ts
// The full secret is in the return value — and only here.
// Next time you list keys, you'll just get the last 4 characters.
const key = await user.createApiKey({
  description: "production · checkout",
  expiresAt: new Date(Date.now() + 90 * 24 * 60 * 60 * 1000),
  isPublic: false,
});

return Response.json({ secret: key.value });

Three things to get right. We got them right.
Catch leaks for them·Bill to a person or a team·Never show a secret twice
Secret scanner
acme/web-app/config.ts
public
// config.ts
export const STACK = {
  projectId: "prj_8a2f",
  secret: "sk_live_9f0c4b2e7a31",
};
Pipeline · monitoring
Scan
Detect
Revoke
sk_live_9f0c…3a17
production · created 14d ago
01·Leak protection
Find leaked keys before anyone else does
- We watch public code for keys that shouldn't be there
- If one shows up, we revoke it before it can be used
- Your team gets a heads-up — not a 3 AM incident
Secret scanner · Auto-revoke · Cloud only
Account settings
Noah · personal
user.useApiKeys
Acme · team
team.useApiKeys
Noah Patel
user.useApiKeys()
Keys
2
macbook · dev
sk_•••a8d2·no expiry
Active
cli · acme-cli
sk_•••b2c4·expires in 60d
Active
New personal key
user.createApiKey({ … })
02·Users and teams
One way to issue keys, whoever owns them
- People get personal keys for their laptop and CLI
- Teams get shared keys for CI, workers, and integrations
- Same SDK, same hooks, same management screen
Personal keys · Team keys · Built-in UI
API keys · Maya
Description
production · checkout service
Expires
in 90 days
Visibility
Secret (sk_)
Create API key
user.createApiKey
Shown once — copy it now or it's gone for good.
03·Show once, then forget
We can't leak what we don't keep
- Full secret returned once, when the key is created
- After that, even we only see the last four characters
- Set an expiry up front or revoke any key with one call
First view · Last 4 only · Expire & revoke
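The "show once" pattern from section 03, sketched as an added example (not code from this product or its SDK): the server keeps only a SHA-256 hash and the last four characters, so a later listing cannot reveal the secret. The `sk_<id>_<random>` layout, the in-memory `records` map and the function names are assumptions made for the illustration.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Stored per key. No field here can reproduce the secret.
interface KeyRecord {
  hash: Buffer; // SHA-256 of the full secret
  last4: string; // display hint only
  description: string;
  expiresAt: Date | null;
  revoked: boolean;
}

// Hypothetical in-memory stand-in for a database table, keyed by key id.
const records = new Map<string, KeyRecord>();

// A fast unsalted hash is acceptable only because the secret is 192 random bits.
const sha256 = (s: string): Buffer => createHash("sha256").update(s).digest();

// The return value is the only place the full secret ever exists.
function issueKey(description: string, expiresAt: Date | null) {
  const id = randomBytes(6).toString("hex");
  const secret = `sk_${id}_${randomBytes(24).toString("base64url")}`;
  records.set(id, { hash: sha256(secret), last4: secret.slice(-4), description, expiresAt, revoked: false });
  return { id, secret };
}

// Everything a later "list keys" call can show: metadata plus the last four.
function listKeys() {
  return Array.from(records.entries()).map(([id, r]) => ({
    id, masked: `sk_•••${r.last4}`, description: r.description, expiresAt: r.expiresAt, revoked: r.revoked,
  }));
}

function revokeKey(id: string): boolean {
  const rec = records.get(id);
  if (!rec) return false;
  rec.revoked = true;
  return true;
}

// Look up by the embedded id, reject revoked or expired keys, then compare hashes in constant time.
function verifyKey(presented: string, now: Date = new Date()): boolean {
  const m = /^sk_([0-9a-f]{12})_[A-Za-z0-9_-]{32}$/.exec(presented);
  if (!m) return false;
  const rec = records.get(m[1]);
  if (!rec || rec.revoked) return false;
  if (rec.expiresAt !== null && rec.expiresAt.getTime() <= now.getTime()) return false;
  return timingSafeEqual(rec.hash, sha256(presented));
}
```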
Ready to ship API access you won't regret?
Drop in a single app — or use the whole platform. Either way, you ship faster.