ScavioScavio

Authentication

All API requests require a valid API key sent as a Bearer token in the Authorization header.

Bearer Token

Include your API key in every request using the Authorization header:

Authorization: Bearer sk_live_your_api_key_here

Key Format

Scavio API keys follow this format:

  • sk_live_ -- production keys, used for live requests that consume credits
  • sk_test_ -- test keys, used for development and testing

Managing Keys

You can create, view, and revoke API keys from the Scavio Dashboard. We recommend:

  • Creating separate keys for each environment (dev, staging, prod)
  • Rotating keys periodically
  • Revoking keys immediately if compromised

Security Tips

  • Never expose API keys in client-side code or public repositories
  • Store keys in environment variables or a secrets manager
  • Use test keys during development to avoid consuming credits
  • Set up key restrictions in the dashboard to limit usage by IP or referrer

Error Responses

If authentication fails, the API returns a 401 Unauthorized response:

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key"
  }
}