The Humic API uses API keys to authenticate requests. Each API key is scoped to a single design system.
Creating an API key
- Open your design system in the Humic dashboard
- Go to Settings → API Keys
- Click Create API Key and give it a name
Your key will look like sk_live_.... Store it securely — you won’t be able to see it again.
API keys grant read access to your design system’s tokens, scales, and primitives. Treat them like passwords.
Using the API key
Pass your key in the Authorization header:
curl https://humic.dev/api/v1/tokens \
-H "Authorization: Bearer sk_live_your_key_here"
/api/v1/tokens, /api/v1/scales, /api/v1/primitives, /api/v1/project, and /api/v1/export/* use this authentication method.
CLI tokens
The CLI uses a separate authentication method. When you run humic login, a CLI token is created and stored locally at ~/.config/humic/credentials. CLI tokens expire after 90 days.
For CI environments, you can authenticate with a token directly:
npx @humicdev/cli login --token $HUMIC_CLI_TOKEN
Error responses
| Status | Meaning |
|---|
401 | Missing or invalid API key |
403 | Valid key but insufficient permissions |
429 | Rate limit exceeded |
{
"error": "unauthorized",
"message": "Invalid or missing API key"
}
