Concepts
Authentication
The Renvo API uses bearer-token authentication. Generate keys in Settings → Developers.
Sending the key
Include your API key in the Authorization header on every request:
Authorization headerbash
curl 'https://userenvo.com/api/v1/customers' \
-H 'Authorization: Bearer rv_live_a3xQ9fKp2LmZqR8vBwYn4tEh'Key format
Renvo API keys look like:
rv_live_a3xQ9fKp2LmZqR8vBwYn4tEh
The rv_live_prefix identifies them as Renvo production keys. Treat them like passwords — they grant full access to your organization's data.
Key scopes
Each key has one of two scopes:
| Scope | Allowed methods |
|---|---|
read | GET |
read_write | GET, POST, PATCH, DELETE |
Error responses
If your key is missing, malformed, or revoked, you'll get:
401 Unauthorizedjson
{
"error": {
"type": "authentication_error",
"message": "Invalid API key."
}
}Best practices
- • Never commit keys to source control. Use environment variables.
- • Use
readscope wherever you don't need to mutate data. - • Generate separate keys per integration so you can revoke individually.
- • Rotate keys periodically — generate the new one, deploy, then revoke the old.