Skip to main content

Authentication

The Enhancv API uses API keys to authenticate requests. All API requests must include your API key in the Authorization header.

API Key Format

API keys follow this format:

enh_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  • Prefix: enh_live_ - Indicates this is a live production key
  • Key: 64 random characters

Authentication Method

Include your API key in the Authorization header using the Bearer authentication scheme:

Authorization: Bearer YOUR_API_KEY

Examples

cURL

curl https://api.enhancv.com/api/v1/resumes \
  -H "Authorization: Bearer enh_live_your_api_key_here"

JavaScript (Node.js)

const fetch = require('node-fetch');

const apiKey = 'enh_live_your_api_key_here';

fetch('https://api.enhancv.com/api/v1/resumes', {
  headers: {
    'Authorization': `Bearer ${apiKey}`
  }
})
  .then(response => response.json())
  .then(data => console.log(data));

Python

import requests

api_key = 'enh_live_your_api_key_here'

headers = {
    'Authorization': f'Bearer {api_key}'
}

response = requests.get(
    'https://api.enhancv.com/api/v1/resumes',
    headers=headers
)

data = response.json()
print(data)

Managing API Keys

Creating an API Key

  1. Log in to your Enhancv account
  2. Go to Account SettingsProfile
  3. Scroll to API Keys section
  4. Click Generate New API Key
  5. Copy the key immediately - it won't be shown again

Viewing API Keys

You can view all your API keys in the account settings. For security reasons, only a masked version is displayed (e.g., enh_live_abc***************).

Deleting an API Key

If you believe your API key has been compromised:

  1. Go to Account SettingsProfile
  2. Find the compromised key in the API Keys section
  3. Click Delete
  4. Generate a new key immediately
Key Compromise

If your API key is exposed, delete it immediately and generate a new one. Exposed keys can be used to access your account data.

Security Best Practices

✅ Do's

  • Store API keys in environment variables
  • Use different keys for different environments (if needed)
  • Rotate keys periodically
  • Delete unused keys
  • Use HTTPS for all API requests

❌ Don'ts

  • Never commit API keys to version control
  • Don't share API keys in emails or chat
  • Don't expose keys in client-side code
  • Don't reuse keys across multiple applications
  • Don't log API keys

Authentication Errors

401 Unauthorized

Missing API Key

{
  "error": "Missing Authorization header",
  "status": 401
}

Invalid API Key

{
  "error": "Invalid API key",
  "status": 401
}

403 Forbidden

Business Plan Required

{
  "error": "API access requires a business plan",
  "status": 403
}

This error occurs when your account doesn't have an active business plan. Upgrade your account to access the API.

Need Help?

If you're having trouble with authentication, contact our support team at support@enhancv.com.