Security & Authentication
RevOps authenticates requests by using the API keys associated with your account. API keys for both revops-js and the RevOps platform can be viewed and managed through the API Keys page.
RevOps accounts are configured with a primary live environment
and secondary sandbox environment for testing new configurations.
Sandbox environment API keys are prefixed with pk_sandbox or
sk_sandbox; Live enviroment API keys are prefixed with pk_live
or sk_live.
API Key Accessibility
| Type | Prefix | Use Cases |
|---|---|---|
| Public Key | pk | Public API Keys are safe to use in public settings. This API key can only be used to access a limited set of resources and operations. |
| Secret Key | sk | Secret API Keys should only be used in secure environments and not exposed to end users. This API key can be used to access all API resources for the specific environment. |
Note: Sandbox and Live APIs use different sets of keys to ensure data isolation.
Requests to RevOps are authenticated using the standard HTTP
Authorization: Bearer header. Any request that does not include
a valid API key will return a 401 Unauthorized error.
All API requests should be made over HTTPS to keep API keys secure during transit.
Examples
This example uses curl with a sandbox secret key to send RevOps a new usage event:
$> curl -X POST https://api.revops.io/v1/usage/events \
-H 'Authorization: Bearer sk_sandbox_<api_key>' \
-H 'Content-type: application/json' \
--data \
'{
"event_metrics" : [
{
"account_id" : "customer-account-id",
"metadata" : {},
"product" : "My Awesome Product",
"metric_name" : "operation-in",
"metric_value" : 1000,
"metric_resolution" : "hour"
}
],
"mode" : "insert",
"transaction_id" : "user-driven unique identifier"
}'