Generating API Keys

Creating an API Key

1. Navigate to Settings → API Keys.
2. Click Create API Key.
3. Enter a descriptive name (e.g., "CI/CD Pipeline" or "Terraform Integration").
4. Optionally set an expiration date. Keys without an expiration remain valid until manually revoked.
5. Click Generate.

The key is displayed once. Copy it immediately — you will not be able to view it again.

Key Format

All APVISO API keys use the prefix apvk_ followed by a random string:

apvk_1a2b3c4d5e6f7g8h9i0j...

The prefix makes it easy to identify APVISO keys in your configuration and enables automatic detection by secret scanning tools like GitHub Secret Scanning and GitGuardian.

Using Your API Key

Include the key in the Authorization header of API requests:

curl -H "Authorization: Bearer apvk_your_key_here" \
  https://api.apviso.com/v1/targets

All API endpoints require authentication. Requests without a valid key receive a 401 Unauthorized response.

Key Permissions

API keys inherit the permissions of the user who created them. If your account has access to 10 targets, the API key can access those same 10 targets.

Managing Keys

From Settings → API Keys you can:

• View — see key name, creation date, last used date, and expiration.
• Revoke — permanently disable a key. This takes effect immediately.
• Rotate — generate a new key and revoke the old one in a single action.

Security Best Practices

• Never commit API keys to version control. Use environment variables or a secrets manager.
• Create separate keys for different purposes (CI/CD, scripts, integrations) so you can revoke one without affecting others.
• Set expiration dates on keys used in temporary or project-based contexts.
• Regularly review your active keys in Settings → API Keys and revoke any that are no longer needed.
• Monitor the "last used" timestamp to identify unused keys.

Rate Limits

API keys are subject to the same rate limits as all API access: 120 requests per minute. See the API Rate Limits article for details.