heydecks
DocumentationAPI ReferenceMCP

API

Authentication

Bearer API keys. Every request must carry an Authorization header.

#API keys

Mint keys at heydecks.com/dashboard/api-keys. Keys are prefixed hd_live_ and shown once at creation — copy the plaintext before closing the dialog.

heydecks stores only sha256(key) plus an 8-character prefix for recognition. The plaintext is never persisted.

REST API access requires a Pro plan or higher. Free and Solo plans receive a 403 api_not_on_plan error on every API call.

#Header format

Send the key as a Bearer token on every request:

Shell
Authorization: Bearer hd_live_<prefix>_<secret>

Example:

Shell
curl https://heydecks.com/v1/decks \
  -H "Authorization: Bearer hd_live_abc12345_xyz789…"

#Key management

  • Create — Dashboard → API keys → New key. Name it (e.g. "production", "staging").
  • Revoke — Dashboard → API keys → Revoke. Takes effect on the next call.
  • Rotate — Revoke the old key, issue a new one. There is no in-place rotation.

#Error envelope

Every non-2xx response uses the same envelope:

JSON
{
  "error": {
    "code": "invalid_key",
    "message": "Invalid or revoked API key"
  }
}

Authentication errors:

CodeHTTPWhen
invalid_key401Missing, malformed, or revoked API key.
api_not_on_plan403Your plan doesn't include API access. Pro plan required.

See Errors for the full error code table.