Generating API Keys - apviso [APVISO](/)Product Resources Developers Company [Pricing](/#pricing)[Partners](/partners)[Enterprise](/enterprise) [Login](/login)[Start free pentest](/register?intent=free-local-pentest) [Login](/login)[Start free](/register?intent=free-local-pentest) [Home](/)[Knowledge Base](/docs)Generating API KeysAPI & MCPGenerating API Keys =================== How to create and manage API keys for programmatic access to the APVISO API. Creating an API Key ------------------- 1. Navigate to **Settings → API Keys**. 2. Click **Create API Key**. 3. Enter a descriptive name (e.g., "CI/CD Pipeline" or "Terraform Integration"). 4. Optionally set an expiration date. Keys without an expiration remain valid until manually revoked. 5. Click **Generate**. The key is displayed once. Copy it immediately — you will not be able to view it again. Key Format ---------- All APVISO API keys use the prefix `apvk_` followed by a random string: ``` apvk_1a2b3c4d5e6f7g8h9i0j... ``` The prefix makes it easy to identify APVISO keys in your configuration and enables automatic detection by secret pentesting tools like GitHub Secret Pentesting and GitGuardian. Using Your API Key ------------------ Include the key in the `X-API-Key` header of API requests: ```bash curl -H "X-API-Key: apvk_your_key_here" \ https://apviso.com/api/v1/targets ``` All API endpoints require authentication. Requests without a valid key receive a `401 Unauthorized` response. Key Permissions --------------- API keys inherit the permissions of the user who created them. If your account has access to 10 targets, the API key can access those same 10 targets. Managing Keys ------------- From **Settings → API Keys** you can: - **View** — see key name, creation date, last used date, and expiration. - **Revoke** — permanently disable a key. This takes effect immediately. - **Rotate** — generate a new key and revoke the old one in a single action. Security Best Practices ----------------------- - Never commit API keys to version control. Use environment variables or a secrets manager. - Create separate keys for different purposes (CI/CD, scripts, integrations) so you can revoke one without affecting others. - Set expiration dates on keys used in temporary or project-based contexts. - Regularly review your active keys in **Settings → API Keys** and revoke any that are no longer needed. - Monitor the "last used" timestamp to identify unused keys. Rate Limits ----------- API keys are subject to the same rate limits as all API access: 120 requests per minute. See the API Rate Limits article for details. ### Related Articles [API Rate Limits Understand APVISO's API rate limits, how to monitor usage via response headers, and how to handle 429 responses.](/docs/api-rate-limits)[MCP Server Setup Install and configure the APVISO MCP server for use with AI coding assistants like Cursor, Windsurf, and more.](/docs/mcp-server-setup)[Webhook Integration Set up custom webhooks to receive APVISO events at any HTTPS endpoint with signed payloads and automatic retries.](/docs/webhook-integration) [Back to Knowledge Base](/docs) [APVISO](/)Autonomous AI-powered penetration testing for modern web applications. Subscribe [](https://github.com/apviso)[](https://x.com/Apviso_com)[](https://www.linkedin.com/company/apviso/) [![Featured on Good AI Tools](https://goodaitools.com/assets/images/badge.png)](https://goodaitools.com/ai/apviso) Product - [Features](/#features) - [Pricing](/pricing) - [Integrations](/integrations) - [Benchmarks](/#compare) - [Affiliate Program](/affiliate) - [Partners](/partners) - [Enterprise](/enterprise) Resources - [Blog](/blog) - [Use Cases](/use-cases) - [Glossary](/glossary) - [Comparisons](/comparisons) - [Alternatives](/alternatives) - [Compliance](/compliance) - [Vulnerabilities](/vulnerabilities) - [Industries](/industries) - [OWASP APTS](/trust/apts) Developers - [Knowledge Base](/docs) - [API Reference](/docs/api) - [MCP Server](/docs/mcp) Company - [About](/about) - [Contact](/contact) - [Status](https://status.apviso.com) - [Privacy Policy](/legal/privacy) - [Terms of Service](/legal/terms) © 2026 APVISO. All rights reserved.