Skip to main content

Security & Authentication

RevOps authenticates requests by using the API keys associated with your account. API keys for both revops-js and the RevOps platform can be viewed and managed through the API Keys page.

RevOps accounts are configured with a primary live environment and secondary sandbox environment for testing new configurations. Sandbox environment API keys are prefixed with pk_sandbox or sk_sandbox; Live enviroment API keys are prefixed with pk_live or sk_live.

API Key Accessibility

TypePrefixUse Cases
Public KeypkPublic API Keys are safe to use in public settings. This API key can only be used to access a limited set of resources and operations.
Secret KeyskSecret API Keys should only be used in secure environments and not exposed to end users. This API key can be used to access all API resources for the specific environment.

Note: Sandbox and Live APIs use different sets of keys to ensure data isolation.

Requests to RevOps are authenticated using the standard HTTP Authorization: Bearer header. Any request that does not include a valid API key will return a 401 Unauthorized error.

All API requests should be made over HTTPS to keep API keys secure during transit.


This example uses curl with a sandbox secret key to send RevOps a new usage event:

$> curl -X POST \
-H 'Authorization: Bearer sk_sandbox_<api_key>' \
-H 'Content-type: application/json' \
--data \
"event_metrics" : [
"account_id" : "customer-account-id",
"metadata" : {},
"product" : "My Awesome Product",
"metric_name" : "operation-in",
"metric_value" : 1000,
"metric_resolution" : "hour"
"mode" : "insert",
"transaction_id" : "user-driven unique identifier"