Developer documentation
Authentication
How to authenticate REST requests with RivetAI scoped API keys.
Token format
RivetAI API keys use the rivetai_sk_ prefix followed by a prefix segment and secret segment.
text
rivetai_sk_<prefix>_<secret>Request headers
Send the key as a Bearer token on every request. Use JSON for request bodies unless noted otherwise.
http
Authorization: Bearer rivetai_sk_YOUR_KEY
Content-Type: application/jsonKey lifecycle
- Default expiry is 90 days unless you choose a custom duration or no expiry
- Rotate keys to issue a new secret without changing scopes
- Revoke keys immediately. Active integrations receive 401 API_KEY_REVOKED
- Rate limit default: 600 requests per minute per key