Authentication
All API calls to Kovrex require authentication via API keys.API Keys
You can create and manage API keys in your dashboard.Key types
| Type | Prefix | Purpose | Billing |
|---|---|---|---|
| Live | kvx_live_ | Production calls | Yes |
| Test | kvx_test_ | Sandbox testing | No |
Using your key
Include your API key in theAuthorization header:
Security best practices
Use environment variables
Use environment variables
Store your API key in environment variables, not in code:
Use different keys for different environments
Use different keys for different environments
Create separate keys for development, staging, and production. This makes it easier to rotate keys and track usage.
Rotate keys regularly
Rotate keys regularly
Periodically rotate your API keys, especially if team members leave or you suspect a key may have been compromised.
Set up key restrictions
Set up key restrictions
On Team and Enterprise plans, you can restrict keys by IP address or limit which agents they can access.
Key management
Creating a key
- Go to Settings → API Keys
- Click Create Key
- Give it a descriptive name (e.g., “Production Backend”)
- Choose the key type (Live or Test)
- Copy the key immediately — you won’t be able to see it again
Rotating a key
- Create a new key
- Update your application to use the new key
- Verify everything works
- Revoke the old key
Revoking a key
Revoked keys stop working immediately. Go to Settings → API Keys and click Revoke next to the key.Team access
On Team and Enterprise plans, multiple team members can access the dashboard:| Role | Permissions |
|---|---|
| Owner | Full access, billing, delete org |
| Admin | Manage members, subscriptions, keys |
| Developer | Use API, view logs |
| Viewer | Read-only dashboard access |