Skip to main content
Huntr uses a single API key per account, passed on every authenticated request as the x-api-key header. 
curl https://api.tryhuntr.com/balance \
  -H "x-api-key: hntr_live_xxxxxxxxxxxx"

Create an API key

  1. Go to tryhuntr.com/dashboard.
  2. Sign up with your email.
  3. Copy your API key from the dashboard.
You receive free starting credits — no credit card required.

Email verification API

For programmatic signup flows: Step 1 — request verification 
curl --request POST \
  --url https://api.tryhuntr.com/keys/create \
  --header 'content-type: application/json' \
  --data '{ "email": "you@company.com" }'
Step 2 — click the link in your email The verification link calls GET /verify?token=... and returns your API key once. The token expires after 10 minutes. Each email can have only one active key.

Use your key

HeaderValue
x-api-keyYour Huntr API key (hntr_live_...)
Content-Typeapplication/json on POST requests
Authenticated endpoints return 401 when the key is missing or invalid.

Recover a lost key

curl --request POST \
  --url https://api.tryhuntr.com/keys/forgot \
  --header 'content-type: application/json' \
  --data '{ "email": "you@company.com" }'
Follow the reset link, then call POST /keys/reset with the token to receive a new key.

Rotate or revoke

EndpointPurpose
POST /keys/regenerateIssue a new key and invalidate the old one
POST /keys/revokePermanently disable the current key
Both require the current valid x-api-key.

Public endpoints

These work without authentication:
  • POST /keys/create — start signup
  • GET /verify — complete signup
  • GET /pricing — public pricing matrix
  • GET /health — health check

Security practices

  • Store keys in server-side secrets (env vars, vaults) — never in frontend code.
  • Use separate keys per environment (staging vs production) when possible.
  • Rotate immediately if a key is exposed.

Next step