API Key Authentication
The Opt-In Submit API uses API key authentication. You generate and manage your key from the Hermon dashboard — no code required.
How to Use Your Key
Once you have a key, include it in every request to the opt-in endpoint using the x-api-key header:
Managing Your API Key
All key management happens in the Hermon dashboard under Settings → Integrations → API Keys.
Generate an API Key
In the Hermon dashboard, navigate to Settings → Organization. Click Generate Key. The full key is shown only once — copy it immediately and store it somewhere safe.
View Key Info
After generation, you can return to Settings → Organization at any time to see your key's status, when it was last used, and when it was created. The full key is never shown again — only a short prefix for identification.
Regenerate a Key
If your key is compromised or you want to rotate it, click Regenerate in the API Keys section. A new key is generated and the old one is invalidated immediately.
Revoke a Key
To permanently disable API access, click Revoke. All requests using the revoked key will immediately receive a 401 Unauthorized response. A new key must be generated to resume submissions.
Security Best Practices
Environment Variables
Secure Hashing
Organization Isolation
Key Rotation
Emergency Revocation