Skip to main content
All Honeycomb API requests require an API key. The type of key you use depends on what you’re doing.

Honeycomb Resource Hierarchy

Honeycomb organizes resources hierarchically: Teams contain Environments, and Environments contain Datasets and other resources. API keys operate at different levels of this hierarchy, which determines what they can access.
  • Environment-level keys access a single Environment and its Datasets. These include Ingest and Configuration Keys.
  • Team-level keys access all Environments and Team settings. These are Management Keys.
If you use Honeycomb Classic, your account doesn’t have Environments. Classic API keys operate at the Team level and access all your Classic Datasets directly.

API Key Format

On creation, every API key is assigned a Key ID, which is a label used to identify the Key in the Honeycomb UI. Key IDs include a prefix that identifies the key type:
  • hc[x]ik_: Ingest Key
  • hc[x]lk_: Configuration Key
  • hc[x]mk_: Management Key
The character shown as [x] varies and is assigned at key creation.
For Ingest and Management Keys, you will also have a Secret, which is a separate credential that combines with the Key ID to form the value you pass in API requests. Configuration Keys have a Token. You can retrieve the Token from the Honeycomb UI at any time.

API Key Types

Honeycomb has three types of API keys, each designed for a specific purpose and scope.
Key TypeScopeUseHeaderVia the UIVia the API
IngestEnvironmentSend telemetry dataX-Honeycomb-TeamIngest Keydata.id + data.attributes.secret
ConfigurationEnvironmentManage Environment resourcesX-Honeycomb-TeamTokendata.attributes.secret
ManagementTeamManage keys and EnvironmentsAuthorization: BearerKey ID + : + SecretN/A
When creating an Ingest Key through the UI, Honeycomb returns the complete key value. You only need to construct it from data.id and data.attributes.secret when using the Create an API Key endpoint.

Ingest Keys

Ingest Keys send data to Honeycomb. Pass an Ingest Key in the X-Honeycomb-Team header. The key value is the Key ID and Secret concatenated with no separator. If you created your key through the UI, Honeycomb provides the complete value as the Ingest Key. If you created it via the API, concatenate data.id and data.attributes.secret with no separator. 
X-Honeycomb-Team: hc[x]ik_1234567890123456789012345612345678901234567890123456789012
Ingest Keys can optionally be granted permission to create new Datasets automatically.
If you created your Ingest Key through the UI, store the complete Ingest Key securely; Honeycomb displays the concatenated value only when you create the key. If you created your Ingest Key via the API, store data.attributes.secret securely; Honeycomb returns it only upon creation.

Configuration Keys

Configuration Keys read and manage resources within a specific Environment, such as Datasets, queries, Boards, Triggers, and SLOs. Pass the Token in the X-Honeycomb-Team header. If you created your Configuration Key via the API, use data.attributes.secret; this is the same value as the Token in the UI. 
X-Honeycomb-Team: 1234567890123456789012
Each Configuration Key has a set of permissions that control which actions it can perform. You assign these permissions when you create or update the key.

Management Keys

Management Keys handle Team-level operations, including managing Environments and API keys. Pass a Management Key as a Bearer token in the Authorization header. Construct the key value by joining the Key ID and Secret with a colon (:). Management Keys can only be created through the UI. 
Authorization: Bearer hc[x]mk_12345678901234567890123456:12345678901234567890123456789012
Store the Secret securely when you create the key; Honeycomb returns it only upon creation.

Validating a Key

Use the Auth endpoint to confirm which key you are using, check its permissions, and identify the Team and Environment it belongs to.
If you use Honeycomb Classic, the environment.name and environment.slug fields in the Auth endpoint response will return empty strings. This is expected behavior.

Managing API Keys

To create, update, or revoke keys, navigate to Account > Team Settings > API Keys in Honeycomb, or use the Key Management API. For best practices, including rotation and least-privilege recommendations, see API Key Best Practices.