Skip to main content

API Keys

All Mavera API requests require authentication using an API key. API keys are passed via the Authorization header as a Bearer token. 
Authorization: Bearer mvra_live_your_key_here

Creating an API Key

1

Navigate to Developer Settings

Go to app.mavera.io/settings/developer
2

Click Create API Key

Give your key a descriptive name (e.g., “Production Server”, “Development”)
3

Copy Your Key

Copy the key immediately. For security, it won’t be displayed again.

Key Format

Mavera API keys follow this format: 
mvra_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  • Prefix: mvra_live_ indicates a live production key
  • Length: 32+ characters total

Using Your Key

from openai import OpenAI

client = OpenAI(
    api_key="mvra_live_your_key_here",
    base_url="https://app.mavera.io/api/v1",
)

Security Best Practices

Never expose your API key in client-side code, public repositories, or logs.

Do’s

Store keys in environment variables
Use secrets management (AWS Secrets Manager, HashiCorp Vault, etc.)
Rotate keys periodically
Use different keys for development and production
Revoke compromised keys immediately

Don’ts

Environment Variables

Store your API key in an environment variable:
.env
MAVERA_API_KEY=mvra_live_your_key_here
Then access it in your code: 
import os
from openai import OpenAI

client = OpenAI(
    api_key=os.environ["MAVERA_API_KEY"],
    base_url="https://app.mavera.io/api/v1",
)

Key Management

Viewing Keys

View all your API keys at Settings > Developer. You’ll see:
  • Key name
  • Creation date
  • Last used date
  • Partial key preview (last 4 characters)

Revoking Keys

To revoke a key:
  1. Go to Settings > Developer
  2. Find the key you want to revoke
  3. Click the delete/revoke button
  4. Confirm the action
Revoking a key is immediate and irreversible. All requests using that key will fail with a 401 error.

Authentication Errors

StatusCodeDescription
401missing_api_keyNo Authorization header provided
401invalid_api_keyKey format is invalid or key doesn’t exist
401revoked_api_keyKey has been revoked
401expired_api_keyKey has expired (if expiration was set)
Example error response: 
{
  "error": {
    "message": "Invalid API key. Ensure your key starts with 'mvra_live_' and has not been revoked.",
    "type": "authentication_error",
    "code": "invalid_api_key",
    "param": null
  }
}

Subscription Requirement

API keys are tied to your subscription. You must have an active subscription to use the API. If your subscription expires:
  • Existing keys remain valid but will return 402 errors
  • You cannot create new keys
  • Renewing your subscription restores API access