Authentication

​

Overview

Authorization: Bearer your_api_key_here

​

Creating Your First API Key

1

Sign in to Magic Hour

Visit magichour.ai and sign in to your account. If you don’t have an account yet, you can create one for free.

2

Navigate to Developer Hub

Once signed in, go to the Developer Hub from your dashboard or account menu. The API Keys section will be displayed by default.

3

Create New API Key

Click the “Create API Key” button to generate a new key.

4

Configure Your API Key

Give your API key a descriptive name to help you identify its purpose later:

• Name: Choose a clear name (e.g., “Production App”, “Development Testing”, “Mobile App”)
• Permissions: Select the appropriate permissions for your use case

Click “Create Key” to generate your new API key.

5

Copy and Store Your API Key

Important: Your API key will only be shown once. Copy it immediately and store it securely.

Save your API key now! You won’t be able to see the full key again after closing this dialog. If you lose it, you’ll need to create a new one.

​

Managing Your API Keys

​

Viewing API Keys

• Name: The descriptive name you gave the key
• Last 4 Characters: The last 4 characters of the key
• Created: When the key was created

​

Revoking API Keys

1. Find the key in your API Keys list
2. Click the Delete (Trash Icon) button next to the key
3. Click “Delete key” to confirm the revocation

​

Rotating API Keys

1. Create a new API key with the same permissions
2. Update your applications to use the new key
3. Test thoroughly to ensure everything works
4. Revoke the old key once you’re confident the new key is working

​

Using API Keys

​

In Code

import magic_hour

# Initialize client with your API key
client = magic_hour.Client(api_key="your_api_key_here")

# Or use environment variable
import os
client = magic_hour.Client(api_key=os.getenv("MAGIC_HOUR_API_KEY"))

​

Environment Variables

MAGIC_HOUR_API_KEY=your_api_key_here

​

Security Best Practices

​

✅ Do

• Store keys securely in environment variables or secure key management systems
• Use different keys for different environments (development, staging, production)
• Rotate keys regularly (every 90 days recommended)
• Revoke unused keys immediately
• Monitor key usage in the Developer Hub
• Use separate keys for different environments (development, staging, production)
• Implement proper error handling for authentication failures

​

❌ Don’t

• Never commit keys to version control (Git, SVN, etc.)
• Don’t expose keys in client-side code (JavaScript, mobile apps)
• Don’t share keys via email, chat, or other insecure channels
• Don’t use production keys in development environments
• Don’t ignore security warnings about exposed keys

​

Key Storage Solutions

• Environment variables (.env files)
• Local configuration files (excluded from version control)

• AWS Secrets Manager
• Azure Key Vault
• Google Secret Manager
• HashiCorp Vault
• Kubernetes Secrets

​

Authentication Errors

​

401 Unauthorized

• Check that your API key is correct
• Ensure the Authorization header is properly formatted
• Verify the key hasn’t been revoked

​

Monitoring Usage

• Credit Usage: Credits consumed by your requests

• Detect unusual activity that might indicate a compromised key
• Plan for capacity and billing

​

Next Steps

​

Need Help?

• Check our troubleshooting guide
• Contact support at [email protected]
• Join our community on Discord