Authentication
Learn how to authenticate with the Hellcat API
API Keys
Generate API keys from your dashboard to authenticate API requests.
# Set your API key
export HELLCAT_API_KEY="hc_..."
# Use in requests
curl -H "Authorization: Bearer $HELLCAT_API_KEY" \
https://hellcat.pyrosec.gg/api/trpc/workflows.list
export HELLCAT_API_KEY="hc_..."
# Use in requests
curl -H "Authorization: Bearer $HELLCAT_API_KEY" \
https://hellcat.pyrosec.gg/api/trpc/workflows.list
JWT Tokens
User sessions are managed with JWT tokens. Tokens are automatically refreshed by the CLI.
Login via CLI
$ hellcat login
Email: user@example.com
Password: ********
✓ Logged in successfully
Email: user@example.com
Password: ********
✓ Logged in successfully
Configuration Files
User Config (~/.hellcat/config.json)
The CLI stores your credentials here:
{
"token": "eyJhbGciOiJIUzI1NiIs...",
"email": "user@example.com",
"apiUrl": "https://hellcat.pyrosec.gg"
}Admin Config (~/.luther/config.json)
The Luther admin CLI stores admin credentials separately:
{
"api_url": "https://hellcat.pyrosec.gg",
"refresh_token": "eyJhbGciOiJIUzI1NiIs..."
}Security Best Practices
- • Never commit tokens or API keys to git
- • Rotate API keys regularly
- • Use environment variables for automation
- • Keep ~/.hellcat/config.json permissions restricted (chmod 600)
- • Logout when done:
hellcat logout
🔒 Security Note
Your API keys and tokens provide full access to your account. Treat them like passwords and never share them.