Account¶
The /v1/account surface is your self-service management area — profile, usage history, API keys, connected integrations, and account settings.
Session authentication, not an API key
This is a credential-management surface, so it requires a logged-in session — the companions_session cookie set when you sign in (or the equivalent Authorization: Bearer <session token>). An API key is rejected with 401 here. This is deliberate: a key baked into a script must not be able to enumerate your other credentials or mint new ones. In practice these endpoints back the account dashboard.
Profile¶
GET /v1/account/me¶
Return the logged-in user's profile. A 401 means you are not logged in.
Response 200
| Field | Type | Description |
|---|---|---|
id | string | User id. |
email | string | Account email. |
name | string | Display name. |
email_verified | boolean | Whether the email is verified. |
balance | number | Current balance. |
created_at | string | ISO-8601 timestamp. |
Usage¶
GET /v1/account/usage¶
Your engine runs, newest first, each with its net cost (a fully refunded failed run reads 0.0). Cursor-paginated.
| Parameter | In | Type | Description |
|---|---|---|---|
limit | query | integer | Page size, 1–200 (default 50). |
before | query | string | Pass the oldest row's created_at to fetch the next page. |
Response 200 — an array of runs.
| Field | Type | Description |
|---|---|---|
id | string | Run id. |
kind | string | Run kind. |
mode | string | Completion mode, if applicable. |
status | string | Terminal status. |
cost | number | Net ledger cost of the run. |
created_at / finished_at | string | Timestamps. |
A page shorter than limit is the last one.
API keys¶
GET /v1/account/keys¶
List your active keys — fingerprints (key_prefix) only, never plaintext.
POST /v1/account/keys¶
Mint a new key. The plaintext key is returned exactly once — copy it now.
| Field | Type | Required | Description |
|---|---|---|---|
label | string | — | An optional human label. |
const res = await fetch("https://api.humx.ai/v1/account/keys", {
method: "POST",
headers: {
Authorization: `Bearer ${process.env.COMPANIONS_SESSION}`,
"Content-Type": "application/json",
},
body: JSON.stringify({ label: "ci-pipeline" }),
});
const { key } = await res.json(); // shown once — store it now
Response 200
| Field | Type | Description |
|---|---|---|
id | string | Key id (use it to revoke). |
key | string | The plaintext key — shown once. |
key_prefix | string | The fingerprint shown in listings. |
label | string | Your label, if set. |
created_at | string | ISO-8601 timestamp. |
You may hold up to 5 active keys; a 6th returns 409.
DELETE /v1/account/keys/{key_id}¶
Revoke a key you own. Returns 204; an unknown or already-revoked key returns 404.
Integrations¶
Integrations are OAuth clients connected to your account — MCP clients like Claude Code or Codex that signed in through the OAuth flow.
GET /v1/account/integrations¶
List connected clients, one row per client.
| Field | Type | Description |
|---|---|---|
client_id | string | The client id. |
client_name | string | The client's registered name. |
scopes | string[] | Granted scopes. |
granted_at | string | When consent was granted (disambiguates repeat installs). |
DELETE /v1/account/integrations/{client_id}¶
Revoke a client's consent and all tokens minted under it. Returns 204.
Note
A just-revoked token can keep working for up to ~45 seconds while a cached authorization verdict expires.
Account settings¶
Account-wide defaults applied to every run unless a single completion overrides them via settings.
GET /v1/account/settings¶
Return your resolved settings — every key present, defaults filled in.
| Field | Type | Default | Description |
|---|---|---|---|
zdr | boolean | false | Zero Data Retention. When true, every run uses only providers that do not retain prompt/completion data (and fails if none serves the chosen model). |
web_search | boolean | false | When true, personas may search the web and cite live sources (adds provider search cost). |
PUT /v1/account/settings¶
Patch your settings. Only fields present in the body are written; omit a field to leave it unchanged. Returns the full resolved object.
const res = await fetch("https://api.humx.ai/v1/account/settings", {
method: "PUT",
headers: {
Authorization: `Bearer ${process.env.COMPANIONS_SESSION!}`,
"Content-Type": "application/json",
},
body: JSON.stringify({ zdr: true, web_search: true }),
});
const settings = (await res.json()) as { zdr: boolean; web_search: boolean };
| Field | Type | Description |
|---|---|---|
zdr | boolean | Set the account-wide ZDR default. |
web_search | boolean | Set the account-wide web-search default. |