Authentication

The Revnator public API is a versioned REST API under /api/v1. Every request is authenticated with an API key tied to your workspace. This page covers generating a key and authenticating requests.

Generating an API key

1. Open Settings → API in the Revnator app.
1. Click Generate key and give it a descriptive name, such as "Production sync".
1. Choose an expiry — Never, 30 days, 90 days, or 1 year.
1. Copy the key immediately. The full key is shown only once; afterwards only a masked preview is stored.

API keys have the form rvn_live_ followed by a long random string:

1rvn_live_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2
Copy

Authenticating a request

Send your key in the X-Revnator-API-Key header on every request. Revnator does not use the Authorization: Bearer scheme.

1curl https://app.revnator.com/api/v1/contacts \
2  -H "X-Revnator-API-Key: rvn_live_your_key_here"
Copy

Response shape

Every endpoint returns the same JSON envelope. A success has data populated and error null; a failure has data null and error set to a message string.

1{ "data": { "contacts": [], "total": 0 }, "error": null }
2
3{ "data": null, "error": "Invalid or revoked API key" }
Copy

Scopes

Each key carries scopes that define what it can do — read and write scopes for contacts, deals, sequences, tasks, accounts, plus analytics:read and ai:read / ai:write. By default a new key is granted the full set of scopes.

Key security

Treat an API key like a password. Never commit it to source control, embed it in client-side code, or paste it into shared documents. Only the SHA-256 hash of a key is stored — Revnator cannot recover a lost key, only replace it.