API Keys

API keys authenticate your requests to the execution API. Every call to invoke a tool requires an API key in the Authorization header.

API keys are scoped to your organization. Any key from your org can invoke any tool your org has access to.

---

Generating a key

1. Go to Settings → Workspace → API Keys
2. Click Generate New Token
3. Enter a name for the key (e.g. production, ci-pipeline)
4. Select an expiration date (up to 1 year from today)
5. Click Generate

Caution

The key is shown once immediately after generation — copy it now. It will not be shown again.

---

Using a key

Pass the key directly in the Authorization header — no Bearer prefix:

curl 'https://cortexconnect.rival.io/api/v1/functions/{function_id}/{version}/invoke' \
  --header 'Authorization: <your_api_key>' \
  --header 'Content-Type: application/json' \
  --data '{"event": {"key": "value"}}'

---

Managing keys

Your existing keys are listed under Settings → Workspace → API Keys. Each entry shows:

• Key name
• Number of times used
• Expiration date
• Expired badge (if past expiry)

---

Revoking a key

Click Remove on any key to permanently delete it. This immediately invalidates the key — any request using it will be rejected. This action cannot be undone.

---

Best practices

• Give each key a descriptive name so you know where it is used
• Set an expiration date — avoid keys that never expire
• Rotate keys regularly for production workloads
• Never commit API keys to source control
• If a key is compromised, remove it immediately and generate a new one