Skip to content
RVO Documentation

API Keys

API keys are the primary mechanism used by RVO to authenticate requests, apply limits, and attribute usage.

Each API key represents an independent workload boundary. Limits, quotas, and metrics are enforced per key, allowing you to control access and scale predictably.

What API keys are used for

Section titled “What API keys are used for”

Every request sent to RVO must include a valid API key.
The key determines:

  • Whether the request is authenticated
  • Which plan limits apply
  • How usage is counted
  • How errors and rejections are attributed

RVO does not infer identity from IP addresses, sessions, or heuristics.
Only the API key defines how a request is handled.

Key isolation and limits

Section titled “Key isolation and limits”

Each API key has its own:

  • Request-per-second limits
  • Daily request quota
  • Usage and error metrics

This isolation prevents noisy neighbors and allows you to:

  • Separate environments (development, staging, production)
  • Segment applications or services
  • Rotate keys without affecting unrelated workloads

If a key exceeds its limits, only that key is affected.

Using an API key

Section titled “Using an API key”

API keys are passed via the X-API-KEY HTTP header on every request:

X-API-KEY: your_api_key_here