API Key Access

Thanks for the info, Chris!

It is unlikely that we will provide "API users" that do not correspond to an actual user in Aha!. We need the user record so that permissions can be applied to access through the API.

However, if it desire is to have an "API key" that can be used instead of the email/password combination in order to access the API then that is possible today with a bit of work:

1. The API supports access with OAuth tokens: http://www.aha.io/api/oauth2. An OAuth token can be considered to be the same as an API key.
2. You can generate an OAuth token in your browser without writing any code, but with some careful URL editing.
3. Follow the instructions for registering an application. You can enter anything for the redirect_uri, it is not actually used, e.g. https://localhost/.
4. Then in the request to /oauth/authorize use the "token" value for "response_type". Then after the authentication the URL will contain the token.
5. This token won't expire and can be used in API calls. You can see the tokens you have generated, and revoke them, by going to https://secure.aha.io/oauth/authorized_applications 

Although this is not documented or supported directly in the UI it is safe to use since it is using the underlying OAuth infrastructure that is used for many integrations. In the future we plan to add a UI to make these steps easier.