Authentication
How to authenticate with the Growhouse API
Authentication
The Growhouse API uses API keys for authentication.
Getting an API Key
- Log in to app.growhouse.co
- Go to Workspace Settings
- Click API Keys in the sidebar
- Click Create API Key
- Give it a name and select permissions
- Copy the key immediately (it won't be shown again)
Using Your API Key
Include your API key in the Authorization header:
Key Permissions
When creating a key, you can scope its permissions:
| Permission | Description |
|---|---|
read:workspaces | View workspace info |
write:workspaces | Create/update workspaces |
read:canvases | View canvases |
write:canvases | Create/update canvases |
delete:canvases | Delete canvases |
Security Best Practices
Do
- Store keys in environment variables
- Use separate keys for different applications
- Rotate keys periodically
- Use minimum required permissions
Don't
- Commit keys to version control
- Share keys between team members
- Use production keys in development
- Expose keys in client-side code
Revoking Keys
If a key is compromised:
- Go to Workspace Settings → API Keys
- Find the compromised key
- Click Revoke
- Create a new key
- Update your applications