Skip to main content

API Key

An API key identifies the developer account making a request to GVR developer APIs.

Manage your key

Create, view, rotate, or delete your API key from the GVR application. The docs only cover how to use the key once it is available in your account.

Use a key

Send your key to developer endpoints with the apiKey request header:

apiKey: YOUR_API_KEY

For JSON requests, include the normal JSON content type as well:

Content-Type: application/json
apiKey: YOUR_API_KEY

For file uploads, send the key with the multipart form request.

Key lifecycle

If a key is rotated or deleted in the GVR application, requests using the old key will fail with:

{
"error": "Invalid API key"
}

Security notes

  • Store keys in server-side environment variables.
  • Do not commit keys to a repository.
  • Do not expose keys in public frontend bundles.
  • Rotate keys from the GVR application if a key is shared accidentally.