API Keys - Orova

Overview
Create an API key
Using API keys
Security best practices

Overview

API keys let you authenticate with the Orova API from your server or the embeddable widget. They’re an alternative to JWT tokens for server-to-server communication.

Create an API key

Go to Settings

In the dashboard, navigate to Settings → API Keys.

Create a key

Click Create API Key and give it a descriptive name.

Copy the key

Copy the key immediately — it’s only shown once.

Using API keys

Include the key in the x-api-key header:

curl https://app.orova.ai/api/agents \
  -H "x-api-key: sk_live_abc123..."

Or in the widget:

<script
  src="https://app.orova.ai/widget/orova-widget.js"
  data-api-key="sk_live_abc123..."
  ...
></script>

Security best practices

Never expose API keys in client-side JavaScript (except the widget data-api-key)
Rotate keys periodically
Use separate keys for different environments (dev, staging, production)
Delete unused keys promptly

Widget SDK

⌘I

SDKs

​Overview

​Create an API key

​Using API keys

​Security best practices

Overview

Create an API key

Using API keys

Security best practices