API key authentication (ingest)

Used by the SDK and server-side integrations.
curl -X POST https://api.histeeria.com/v1/ingest \
  -H "Authorization: Bearer hst_live_xxxx" \
  -H "Content-Type: application/json" \
  -d '{"input": "hello", "output": "hi there", "agent_id": "demo"}'
Keys are created in Settings → API keys at app.histeeria.com.
API keys grant ingest access to your workspace. Treat them like production secrets.

JWT authentication (web app)

The Histeeria web app authenticates users via JWT after login/register. Browser requests include the session token automatically. Programmatic access to decision lists and evaluation endpoints requires a user session token — typically not needed if you use the SDK for ingest only.

Key lifecycle

ActionWhere
CreateSettings → API keys
Link to profileKey creation or edit
RevokeDelete key in Settings
Admin revokePlatform ops (internal)

Environment variables (SDK)

export HISTEERIA_API_KEY="hst_live_xxxx"
export HISTEERIA_BASE_URL="https://api.histeeria.com"  # optional