Skip to main content
All Honeycomb API requests require an API key. The type of key you use depends on what youโ€™re doing.

โ€‹
Honeycomb Resource Hierarchy

Honeycomb organizes resources hierarchically: Teams contain Environments, and Environments contain Datasets and other resources. API keys operate at different levels of this hierarchy, which determines what they can access.
  • Environment-level keys access a single Environment and its Datasets. These include Ingest and Configuration Keys.
  • Team-level keys access all Environments and Team settings. These are Management Keys.
If you use Honeycomb Classic, your account doesnโ€™t have Environments. Classic API keys operate at the Team level and access all your Classic Datasets directly.

โ€‹
API Key Types

Honeycomb has three types of API keys, each designed for a specific purpose and scope.
Key TypeScopeUseAuthentication
IngestEnvironmentSend telemetry dataSingle value
ConfigurationEnvironmentManage Environment resourcesSingle value
ManagementTeamManage keys and EnvironmentsKey ID + Key Secret
When you create an API key, the secret is returned only at creation time. Store it securely; Honeycomb cannot retrieve it again.

โ€‹
Ingest Keys

Ingest Keys send event data to Honeycomb. Pass an Ingest Key in the X-Honeycomb-Team header. The key value is the key ID and key secret concatenated with no separator. 
X-Honeycomb-Team: hcxik_1234567890123456789012345612345678901234567890123456789012
Ingest Keys can optionally be granted permission to create new Datasets automatically.

โ€‹
Configuration Keys

Configuration Keys read and manage resources within a specific Environment, such as Datasets, queries, Boards, Triggers, and SLOs. Pass a Configuration Key in the X-Honeycomb-Team header, the same way as an Ingest Key. 
X-Honeycomb-Team: hcxlk_1234567890123456789012345612345678901234567890123456789012
Each Configuration Key has a set of permissions that control which actions it can perform. You assign these permissions when you create or update the key.

โ€‹
Management Keys

Management Keys handle Team-level operations, including managing Environments and API keys themselves. Pass a Management Key as a Bearer token in the Authorization header, joining the key ID and secret with a colon. 
Authorization: Bearer hcxmk_12345678901234567890123456:12345678901234567890123456789012

โ€‹
Key Prefixes

API key IDs include a prefix that identifies the key type:
  • hcxik_: Ingest Key
  • hcxlk_: Configuration Key
  • hcxmk_: Management Key

โ€‹
Validating a Key

Use the Auth endpoint to confirm which key you are using, check its permissions, and identify the Team and Environment it belongs to.
If you use Honeycomb Classic, the environment.name and environment.slug fields in the Auth endpoint response will return empty strings. This is expected behavior.

โ€‹
Managing API Keys

To create, update, or revoke keys, go to Team Settings > API Keys in Honeycomb, or use the Key Management API. For best practices, including rotation and least-privilege recommendations, see API Key Best Practices.