Documentation Index
Fetch the complete documentation index at: https://docs.hexr.dev/llms.txt
Use this file to discover all available pages before exploring further.
Hexr Cloud API keys authenticate the CLI and any direct API requests you make against your tenant. Keys follow the format hxr_live_<64 hex characters> and carry a permission scope that limits what the bearer can do. This page covers how to create and use keys, what each permission level allows, and how to store keys safely.
Generating a key
Navigate to API Keys
Click API Keys in the sidebar.
Generate a new key
Click Generate New Key and select a permission level.
Copy your key
Copy the key immediately — it is shown only once and cannot be retrieved again.
Using your key
CLI authentication
hexr login --key hxr_live_0f0ea94b...
API authentication
curl -H "Authorization: Bearer hxr_live_0f0ea94b..." \
https://api.hexr.cloud/api/v1/tenants
Key permissions
| Permission | What it allows |
|---|
| Admin | Full access: manage tenants, users, keys, and deploy agents |
| Deploy | Build, push, and deploy agents. Cannot manage users or keys |
| Read-only | View agents, metrics, and logs. Cannot modify anything |
Use the minimum permission level your use case requires. CI/CD pipelines typically need Deploy; monitoring integrations only need Read-only.
Storing keys securely
Never commit API keys to source control. Rotate keys regularly, and revoke keys immediately when team members leave.
# macOS Keychain
security add-generic-password -s "hexr-api-key" -a "hexr" -w "hxr_live_..."
# Environment variable (development only)
export HEXR_API_KEY="hxr_live_..."