Hub API
Hub is YAXI’s self-service portal. The Hub API exposes the same functionality programmatically.
Access requires a JSON Web Token (JWT) obtained via the OAuth 2.0 client credentials grant. YAXI will provide you with the client ID and client secret.
| Keep your client secret private at all times. Treat it with the same care as any other API secret key. |
Scopes
Tokens can be issued with any combination of the following scopes. Request only the scopes your application requires.
| Scope | Description |
|---|---|
|
Create new API keys. |
|
Delete existing API keys. |
|
List and retrieve API keys. |
Requesting a token
Send a client_credentials grant request to https://kinde.yaxi.tech/oauth2/token with the audience hub:api.
Pass the desired scopes as a space-separated list in the scope parameter.
-
curl
-
Python
-
Node.js
curl -X POST https://kinde.yaxi.tech/oauth2/token \
-H "Content-Type: application/x-www-form-urlencoded" \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "client_id=YOUR_CLIENT_ID" \
--data-urlencode "client_secret=YOUR_CLIENT_SECRET" \
--data-urlencode "audience=hub:api" \
--data-urlencode "scope=read:api_keys create:api_keys delete:api_keys"import httpx
response = httpx.post(
"https://kinde.yaxi.tech/oauth2/token",
data={
"grant_type": "client_credentials",
"client_id": "YOUR_CLIENT_ID",
"client_secret": "YOUR_CLIENT_SECRET",
"audience": "hub:api",
"scope": "read:api_keys create:api_keys delete:api_keys",
},
)
token = response.json()["access_token"]const params = new URLSearchParams({
grant_type: "client_credentials",
client_id: "YOUR_CLIENT_ID",
client_secret: "YOUR_CLIENT_SECRET",
audience: "hub:api",
scope: "read:api_keys create:api_keys delete:api_keys",
})
const response = await fetch("https://kinde.yaxi.tech/oauth2/token", {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: params,
})
const { access_token: token } = await response.json()The response contains an access_token with the JWT and an expires_in field indicating its lifetime in seconds.
Example response:
{
"access_token": "eyJhbGci...",
"expires_in": 86400,
"token_type": "Bearer",
"scope": "read:api_keys create:api_keys delete:api_keys"
}| Cache and reuse tokens until they expire rather than requesting a new token for each API call. |
Using the token
Include the token as a Bearer token in the Authorization header of each Hub API request.
curl https://hub.yaxi.tech/api/... \
-H "Authorization: Bearer YOUR_TOKEN"Endpoints
The base URL for all endpoints is https://hub.yaxi.tech.
API keys
List
GET /api/tenant/api-keys — requires read:api_keys.
Returns all API keys for your tenant as an array.
The secret is not included.
Example response:
[
{
"id": "api-key-b2de0846-8a9c-4bcf-bf24-145b18a04a4f",
"name": "my api key",
"environment": "Production",
"hostSoftware": "Generic",
"redirectScraping": false,
"servicePermissions": null,
"expiresAt": null,
"tenantId": "tenant-b2de0846-8a9c-4bcf-bf24-145b18a04a4f",
"createdAt": "2026-01-01T00:00:00Z",
"updatedAt": "2026-01-01T00:00:00Z"
}
]Create
POST /api/api-keys — requires create:api_keys.
The secret is only returned on creation and cannot be retrieved afterwards.
Store it securely.
|
Example request:
{
"name": "my api key",
"environment": "Production",
"hostSoftware": "Generic",
"redirectScraping": false
}Example response (201):
{
"id": "api-key-b2de0846-8a9c-4bcf-bf24-145b18a04a4f",
"name": "my api key",
"secret": "Mjc0ODczNzU4Mjc0ODIxMjgyNDcyODQ=",
"environment": "Production",
"hostSoftware": "Generic",
"redirectScraping": false,
"servicePermissions": null,
"expiresAt": null,
"tenantId": "tenant-b2de0846-8a9c-4bcf-bf24-145b18a04a4f",
"createdAt": "2026-01-01T00:00:00Z",
"updatedAt": "2026-01-01T00:00:00Z"
}OpenAPI specification
The full OpenAPI specification is available here.