API keys
API keys authenticate requests to ingestion and dashboard API endpoints. Every key:- Starts with a short prefix (e.g.
av_a1b2c3d4) - Has one or more scopes that control what it can do
- Is shown in full once at creation — store it immediately
Scopes
| Scope | Purpose |
|---|---|
write | Required for all ingestion endpoints (/traces/batch, /otlp/v1/*) |
read | Required for dashboard read endpoints and the ping endpoint |
write scope to send traces.
Create an API key
Create a key
Click Create Key, enter a name (e.g.,
production), select the write scope, and confirm.Use the key in the SDK
Pass your key toagentvista.init():
Use the key in HTTP requests
Pass the key as a Bearer token in theAuthorization header:
{"status": "ok"}.
Verify a key
Use the ping endpoint to confirm a key is valid and has the expected scopes:Revoke a key
Go to Settings → API Keys, find the key by its prefix, and click Revoke. Revoked keys immediately stop authenticating requests. You can also revoke via the API:Error responses
| Status | Meaning |
|---|---|
401 Unauthorized | Missing or invalid API key |
403 Forbidden | Key is valid but lacks the required scope |
429 Too Many Requests | Monthly event limit exceeded for your plan |
429, check your usage in Settings → Billing and consider upgrading your plan or enabling spend caps.