To create and manage API tokens for your organization’s workspace, visit the “API Tokens” section in your workspace settings. If this section isn’t visible to you, contact your Customer Success Manager.
The Harvey API uses bearer token authentication. Include the token in the Authorization header of all API requests.
curl https://api.harvey.ai/v2/endpoint \
-H "Authorization: Bearer YOUR_TOKEN_HERE" \
-H "Content-Type: application/json"
Your bearer tokens grant access to sensitive data and privileged operations, so they must be kept secure. Never share tokens in public repositories, client-side code, or unsecured channels. If you need to contact Harvey support, make sure to redact your token from any example requests or screenshots.
All API requests must use HTTPS. Requests sent over HTTP or without authentication will be rejected.
Permissions
To give you further control over what can be done with your bearer tokens, each token also has a manageable permissions list that restricts which API endpoints the token can be used with. Consult the API Tokens settings page to learn more.
Some permissions are only available if your workspace has been specially configured for them. See your Order Form, or email support@harvey.ai for details on which feature(s) your organization can use.
Country-Specific Endpoint URL
If your organization is using Harvey’s EU-hosted deployment, update the request URL to point to the EU API endpoint: https://eu.api.harvey.ai
curl https://eu.api.harvey.ai/v2/endpoint \
-H "Authorization: Bearer YOUR_TOKEN_HERE" \
-H "Content-Type: application/json"
If your organization is using Harvey’s AU-hosted deployment, update the request URL to point to the AU API endpoint: https://au.api.harvey.ai
curl https://au.api.harvey.ai/v2/endpoint \
-H "Authorization: Bearer YOUR_TOKEN_HERE" \
-H "Content-Type: application/json"
Testing Authentication
GET https://api.harvey.ai/api/whoami
Returns the underlying service user account associated with the API token. This is useful for testing that the token works or for identifying which token has taken actions surfaced in audit logs.
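An added example, not part of Harvey's documentation or tooling: shell helpers that pick the regional base URL listed above, redact a bearer token from a copied request before it is sent to support, and test a token against the whoami endpoint without placing it on the command line. The variable names HARVEY_API_TOKEN and HARVEY_REGION are assumptions of this sketch, as is the use of the /api/whoami path on the EU and AU hosts.

```shell
#!/usr/bin/env bash
# Added example. HARVEY_API_TOKEN and HARVEY_REGION are names assumed here,
# not variables defined by the Harvey API.

# Map a deployment region to the base URL given in this document.
harvey_base_url() {
  case "${1:-default}" in
    default) echo "https://api.harvey.ai" ;;
    eu)      echo "https://eu.api.harvey.ai" ;;
    au)      echo "https://au.api.harvey.ai" ;;
    *)       echo "unknown region: $1" >&2; return 1 ;;
  esac
}

# Replace any bearer token in text read from stdin, for example a curl
# command copied into a support request.
redact_bearer() {
  sed -E 's/(Bearer[[:space:]]+)[^"[:space:]]+/\1[REDACTED]/g'
}

# Call the whoami endpoint. The Authorization header is handed to curl as a
# config read from stdin, so the token never appears in the process argument
# list or in shell history. --proto '=https' refuses any non-HTTPS URL.
# Assumes the token contains no double quote or backslash characters.
harvey_whoami() {
  local base
  base="$(harvey_base_url "${HARVEY_REGION:-default}")" || return 1
  if [ -z "${HARVEY_API_TOKEN:-}" ]; then
    echo "HARVEY_API_TOKEN is not set" >&2
    return 2
  fi
  printf 'header = "Authorization: Bearer %s"\n' "$HARVEY_API_TOKEN" |
    curl --config - --proto '=https' --fail --silent --show-error \
         "$base/api/whoami"
}
```

Source the file, export the token from a secrets manager or prompt rather than a committed file, then run `harvey_whoami`; a non-zero exit status means the request was rejected or never sent.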