Prerequisites
Before you begin, make sure you have:- An active Mindhunters workspace account
- Access to your workspace dashboard
- Admin or developer permissions to create API tokens
Getting Your API Token
Follow these steps to generate your API authentication token:1
Log in to your Mindhunters workspace
Navigate to your Mindhunters workspace at
https://your-tenant.mindhunters.ai and sign in with your credentials.2
Access your profile
Click on your profile icon in the top right corner of the dashboard.
3
Navigate to Developer section
From the dropdown menu, select “Developer” to access the developer settings.
4
Create a new API token
In the Developer section:
- Click on “Create New API Token” or “Generate Token”
- Give your token a descriptive name (e.g., “Production API”, “Development Testing”)
- Set appropriate permissions if prompted
- Click “Create” or “Generate”
5
Copy and secure your token
Important: Copy your API token immediately and store it securely. For security reasons, you won’t be able to see it again after closing the dialog.Store your token in a secure location such as:
- Environment variables
- Secure credential management systems
- Password managers (for development)
Understanding Your Tenant/Subdomain
Your Mindhunters workspace URL contains your tenant identifier (also called subdomain), which is required for all API calls.How to Find Your Tenant
Your tenant is the subdomain in your Mindhunters workspace URL:https://abc.mindhunters.ai, then your tenant is abc.
Using Your Tenant in API Calls
All API endpoints use your tenant in the base URL:Authentication Format
Mindhunters API uses Bearer Token Authentication. Include your API token in theAuthorization header of every request:
Example Authentication Headers
Security Best Practices
Store tokens securely
Store tokens securely
- Use environment variables for API tokens
- Never hardcode tokens in your source code
- Use secure credential management systems in production
- Rotate tokens periodically
Use HTTPS only
Use HTTPS only
All API requests must use HTTPS. HTTP requests will be rejected. The Mindhunters API enforces TLS 1.2 or higher.
Implement token rotation
Implement token rotation
- Create multiple tokens for different services
- Rotate tokens regularly (every 90 days recommended)
- Have a process to quickly rotate compromised tokens
Limit token scope
Limit token scope
- Create separate tokens for different environments (development, staging, production)
- Use descriptive names to track token usage
- Revoke unused tokens immediately
Monitor token usage
Monitor token usage
- Regularly review API logs for unusual activity
- Set up alerts for failed authentication attempts
- Monitor token usage in the Developer section of your dashboard
Token Management
Viewing Active Tokens
You can view all active API tokens in the Developer section of your workspace:- Go to your profile → Developer
- View the list of active tokens
- See token creation date and last used timestamp
Revoking Tokens
If you need to revoke a token:- Navigate to Developer section
- Find the token in your list
- Click “Revoke” or the delete icon
- Confirm the revocation
Creating Multiple Tokens
You can create multiple tokens for different purposes:- Development: For local testing and development
- Staging: For staging environment deployments
- Production: For production applications
- CI/CD: For automated deployment pipelines
Authentication Errors
Common authentication errors and how to resolve them:| Status Code | Error | Solution |
|---|---|---|
| 401 | Unauthorized | Verify your token is correct and hasn’t been revoked |
| 401 | Missing Authorization header | Include the Authorization: Bearer YOUR_TOKEN header |
| 401 | Invalid token format | Ensure you’re using Bearer YOUR_TOKEN format |
| 403 | Forbidden | Check that your token has the necessary permissions |
| 404 | Not Found | Verify your tenant/subdomain in the base URL is correct |