All API requests must be authenticated. Everhour uses API key authentication — pass your key in the X-Api-Key request header.

Getting your API key

  1. Sign in to your Everhour account.
  2. Go to your profile page.
  3. Scroll to the bottom — your API key is shown there.

Using the API key

Include the key in every request:
X-Api-Key: YOUR_API_KEY
Example:
curl https://api.everhour.com/users/me \
  -H "X-Api-Key: YOUR_API_KEY"

What happens without a valid key

If the X-Api-Key header is missing or the key is invalid, the API returns:
HTTP/1.1 401 Unauthorized
{
  "code": 401,
  "message": "Unauthorized"
}

Security recommendations

  • Store the API key in environment variables, not in source code.
  • Rotate the key if you suspect it has been compromised — you can regenerate it from your profile page.
  • Each API key is tied to a specific user account and inherits that user’s permissions.
At this time, Everhour supports one API key per user account. OAuth or fine-grained scopes are not currently available.
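
The recommendations above and the 401 behaviour, combined in one shell wrapper. This is an added example, not code from Everhour: the variable name EVERHOUR_API_KEY and the everhour_* function names are assumptions. The key is read from the environment and handed to curl on stdin, so it does not appear in the command line or in process listings.

```shell
#!/bin/sh
# Added example. Assumes the key was exported beforehand as EVERHOUR_API_KEY
# (a variable name chosen for this example, not defined by Everhour).

# Print a curl config line carrying the X-Api-Key header.
# Fails if the key is unset or contains characters that would break
# out of the quoted config value (quote, backslash, whitespace).
everhour_curl_config() {
  if [ -z "${EVERHOUR_API_KEY:-}" ]; then
    echo "EVERHOUR_API_KEY is not set" >&2
    return 1
  fi
  clean=$(printf '%s' "$EVERHOUR_API_KEY" | tr -d '"\\\n\r\t ')
  if [ "$clean" != "$EVERHOUR_API_KEY" ]; then
    echo "EVERHOUR_API_KEY contains quotes, backslashes or whitespace" >&2
    return 1
  fi
  printf 'header = "X-Api-Key: %s"\n' "$EVERHOUR_API_KEY"
}

# Map an HTTP status code to an exit status and an operator hint.
everhour_check_status() {
  case "$1" in
    2??) return 0 ;;
    401) echo "401 Unauthorized: X-Api-Key missing or invalid;" \
              "regenerate the key from the profile page if it may be compromised" >&2
         return 4 ;;
    *)   echo "unexpected HTTP status: $1" >&2
         return 5 ;;
  esac
}

# GET a path such as /users/me; the body goes to $2 (default /dev/null).
# printf is a shell builtin, so the key never reaches another process's argv.
everhour_get() {
  cfg=$(everhour_curl_config) || return 2
  status=$(printf '%s\n' "$cfg" | curl --silent --show-error --config - \
             --output "${2:-/dev/null}" --write-out '%{http_code}' \
             "https://api.everhour.com$1") || return 3
  everhour_check_status "$status"
}

# Usage (needs network access and a real key):
#   everhour_get /users/me me.json
```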