Authentication
The Harvest API uses API key authentication for all requests. You’ll need to include your API key in theAPI-Key header for every request.
Getting Your API Key
- Log in to your Harvest dashboard
- Navigate to Settings → API Keys
- Click Generate New API Key
- Copy and securely store your API key
Keep your API key secure and never expose it in client-side code or public repositories.
Using Your API Key
Include your API key in theAPI-Key header for all requests:
Environment Variables
We recommend storing your API key as an environment variable:API Key Scopes
Your API key provides access to:- Data Collection: Launch and manage scraping jobs
- Results Access: Stream and fetch collected data
- Job Management: View and control your scrape jobs
Security Best Practices
Secure Storage
Secure Storage
- Store API keys in environment variables or secure vaults
- Never commit API keys to version control
- Use different keys for development and production
Access Control
Access Control
- Rotate API keys regularly
- Monitor API key usage in your dashboard
- Revoke unused or compromised keys immediately
Network Security
Network Security
- Always use HTTPS for API requests
- Implement proper error handling to avoid key exposure
- Consider IP allowlisting for sensitive applications
Authentication Errors
If authentication fails, you’ll receive a401 Unauthorized response:
- Missing API key: Include the
API-Keyheader - Invalid key: Check your key in the dashboard
- Expired key: Generate a new API key
- Wrong endpoint: Ensure you’re using the correct base URL
Rate Limiting
API keys are subject to rate limits:- 100 requests per minute for standard endpoints
- 10 concurrent streams for streaming endpoints