Authentication

All API requests require a Bearer token in the Authorization header.

Getting your API key

Go to Settings > Account
Your API key is displayed under the Account tab (any paid plan)
Click “Reveal” to see it, “Copy” to copy it

Using the API key

Include it in every request:

Authorization: Bearer YOUR_API_KEY

Examples

curl

curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://www.tryhoard.com/api/v1/status

Python

import requests

API_KEY = "YOUR_API_KEY"
BASE_URL = "https://www.tryhoard.com/api/v1"

headers = {"Authorization": f"Bearer {API_KEY}"}

response = requests.get(f"{BASE_URL}/status", headers=headers)
print(response.json())
# {"sync_in_progress": false, "last_sync_at": "2026-04-19T14:30:00Z", ...}

Node.js

const API_KEY = "YOUR_API_KEY";
const BASE_URL = "https://www.tryhoard.com/api/v1";

const response = await fetch(`${BASE_URL}/status`, {
  headers: { Authorization: `Bearer ${API_KEY}` },
});
const data = await response.json();
console.log(data);
// { sync_in_progress: false, last_sync_at: "2026-04-19T14:30:00Z", ... }

Security

Your API key is unique to your account
It provides full access to your sync data (inventory, orders, sales)
Never share it or commit it to version control
Store it in your .env file, not in workflow YAML or scripts
If compromised, contact support@tryhoard.com to rotate it

Error responses

401 — Invalid or missing API key

HTTP 401
{"error": "Invalid or missing API key", "code": "unauthorized"}

The code: "unauthorized" field is machine-readable. Check for it programmatically to distinguish authentication failures from other errors.

403 — Account suspended

HTTP 403
{"error": "Account suspended", "code": "account_suspended"}

API Reference

Documentation Index

​Getting your API key

​Using the API key

​Examples

​curl

​Python

​Node.js

​Security

​Error responses

​401 — Invalid or missing API key

​403 — Account suspended