Developer Documentation

Authentication

Enterprise-grade link infrastructure. Secure your API integrations with API keys, OAuth 2.0, and industry-standard authentication flows.

API Keys

Every HyperSnap workspace ships with two API keys: one for development and one for production. Keys are scoped to specific permissions and can be rotated without downtime.

Generate keys from your dashboard under Settings → API Access. Each key follows the hs_live_ or hs_test_ prefix convention and is 48 characters long. Include your key in the Authorization header as a Bearer token on every request.

Create a Key

Click Generate Key in the API Access panel. Assign a descriptive name like analytics-pipeline and select the permission scopes: links:read, links:write, or analytics:read.

Rotate a Key

Generate a replacement key before revoking the old one. Both keys remain active for a 72-hour grace window, giving you time to update your services without interruption.

Revoke a Key

Immediately invalidate a compromised or unused key. Revocation is irreversible. All in-flight requests using the revoked key will receive a 401 Unauthorized response.

OAuth 2.0

Third-party applications and partner integrations use OAuth 2.0 to access HyperSnap resources on behalf of your users. We support the Authorization Code flow with PKCE for public clients and the standard flow for confidential clients.

Register your application at developers.hypersnap.io/apps to obtain a client ID and client secret. Set your redirect URI to a verified domain, then initiate the authorization flow by directing users to https://auth.hypersnap.io/oauth/authorize with your client ID, scope, and state parameters.

Register Your Application

Provide your app name, homepage URL, and a valid redirect URI. HyperSnap issues a client ID (e.g., client_9f2a7b1c) and a 32-character client secret. Store the secret in your environment variables — never commit it to version control.

Authorization Code Flow

Redirect users to the authorization endpoint with response_type=code, your client ID, requested scopes, and an unguessable state parameter that you verify on return to protect against CSRF. After consent, HyperSnap redirects back with an authorization code valid for 5 minutes.

Token Exchange & Refresh

Exchange the authorization code for an access token and refresh token at https://auth.hypersnap.io/oauth/token. Access tokens expire after 1 hour; use the refresh token to obtain a new pair without re-prompting the user.
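
The client side of the flow described above, with PKCE and a single-use state check, as an added example (not HyperSnap's own code). The parameter names redirect_uri, code_challenge, code_challenge_method, grant_type and code_verifier are the standard RFC 6749 / RFC 7636 names and are assumed here; the redirect URI is a constructed placeholder, and the returned form body is what you would POST to the token endpoint.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://auth.hypersnap.io/oauth/authorize"  # from the page
CLIENT_ID = "client_9f2a7b1c"  # example client ID format from the page
REDIRECT_URI = "https://app.example.com/callback"  # constructed placeholder


def new_pkce_pair():
    """Return (code_verifier, code_challenge) using the S256 method of RFC 7636."""
    verifier = secrets.token_urlsafe(64)  # 86 chars, inside the 43-128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def start_authorization(scopes):
    """Build the redirect URL plus the per-user values to keep in the session."""
    state = secrets.token_urlsafe(32)  # unguessable and bound to this session
    verifier, challenge = new_pkce_pair()
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,  # assumed parameter name
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": challenge,  # assumed parameter name
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_URL}?{query}", {"state": state, "code_verifier": verifier}


def handle_callback(callback_url, session):
    """Verify state, then return the form body for the token exchange."""
    params = parse_qs(urlparse(callback_url).query)
    returned = params.get("state", [""])[0].encode()
    expected = session.pop("state", "").encode()  # single use: replays fail
    if not expected or not hmac.compare_digest(returned, expected):
        raise ValueError("state mismatch: discard the callback")
    if "error" in params or "code" not in params:
        raise ValueError("authorization denied or no code returned")
    return {  # POST promptly: the code is only valid for 5 minutes
        "grant_type": "authorization_code",
        "code": params["code"][0],
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": session.pop("code_verifier"),
    }
```

A confidential client would additionally authenticate with its client secret when posting this body; the secret never appears in the browser redirect.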

Security Best Practices

Protect your HyperSnap workspace by following these operational guidelines for key management, scope minimization, and incident response.

Principle of Least Privilege

Assign only the scopes your service actually needs. A read-only analytics dashboard should never hold links:write permissions. Review active keys quarterly and remove unused scopes.

Environment Isolation

Keep development and production keys separate. Use hs_test_ keys against the sandbox environment at api-sandbox.hypersnap.io and hs_live_ keys against api.hypersnap.io. Never test with production credentials.

Secret Storage

Store API keys and client secrets in a secrets manager such as HashiCorp Vault, AWS Secrets Manager, or Doppler. Rotate secrets on a 90-day schedule and enforce access controls so only deployment pipelines and authorized personnel can retrieve them.

Monitor & Alert

Enable audit logging in your workspace settings. Set up alerts for unusual patterns: keys created outside business hours, spikes in 401 responses, or API calls originating from unrecognized IP ranges. Investigate anomalies within 24 hours.

If you suspect a key has been compromised, revoke it immediately and contact our security team at security@hypersnap.io. We respond to incident reports within 4 business hours and can assist with forensic analysis of affected requests.