Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.usehasp.com/llms.txt

Use this file to discover all available pages before exploring further.

The Hasp AI API authenticates every request via an API key. No OAuth flow, no session cookies — just a Bearer token.

API key format

wa_live_<32 random hex characters>
Keys are issued with the prefix wa_live_ and are globally unique. The full token is shown exactly once on creation. Hasp stores only a SHA-256 hash — if you lose the token, revoke it and issue a new one.

Sending the token

Pass the key in the Authorization header on every request: 
Authorization: Bearer wa_live_your_key_here

Scopes

Every API key has one or more scopes. A request to a route protected by a scope the key does not have returns 403 MISSING_SCOPE.
ScopeGrants access to
ai:chatPOST /v1/ai/chat, POST /v1/messages
ai:documentsDocument upload and retrieval endpoints
ai:embeddingsEmbeddings endpoint
ai:summarizeSummarize endpoint
control:readGET /v1/api_keys, GET /v1/usage, GET /v1/usage/budget, PUT /v1/usage/budget, GET /v1/audit
control:webhooksGET /v1/webhooks, POST /v1/webhooks, DELETE /v1/webhooks/{id}
Assign only the scopes a key needs. A key used for chat-only integrations should carry only ai:chat.

Creating keys

Via the dashboard: Settings → API Keys → New Key. Via the API (requires a key with control:read): 
curl -X POST https://api.usehasp.com/v1/api_keys \
  -H "Authorization: Bearer wa_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "production-chat-service",
    "scopes": ["ai:chat"]
  }'
See Control: API Keys for the full endpoint reference.

BAA requirement

All requests additionally require an active Business Associate Agreement (BAA) on your organization. If your org has no active BAA, every request — regardless of key validity — returns: 
{
  "success": false,
  "error": {
    "code": "BAA_REQUIRED",
    "type": "payment_required",
    "message": "An active Business Associate Agreement is required to use the AI API.",
    "retryable": false,
    "request_id": "req_..."
  }
}
Sign the BAA in Settings → Compliance → Business Associate Agreement.

Error responses

CodeHTTPMeaning
INVALID_API_KEY401Token not found, malformed, or revoked
BAA_REQUIRED402No active BAA on the org
MISSING_SCOPE403Key exists but lacks the required scope