Provenance
Authentication

API Keys

Authenticate with the Provenance API using API keys.

Every request to the Provenance API must include an API key in the x-api-key header. API keys are scoped to a single tenant and grant full access to that tenant's data.

Creating an API key

API keys are created from the platform dashboard.

  1. Navigate to API Keys in the sidebar.
  2. Click Create API Key.
  3. Give it a label (e.g. "Production", "CI/CD", "Local Dev").
  4. Copy the key immediately — it is only shown once.
curl https://provenance.onrender.com/api/interactions \
  -H "x-api-key: YOUR_API_KEY"

Managing keys

From the API Keys page you can:

  • View all active keys (only the prefix is shown, never the full key)
  • See when each key was last used
  • Revoke keys that are no longer needed

Revoking a key is immediate — any request using that key will be rejected.

Key format

API keys follow the format pak_ followed by 64 hex characters. They are hashed before storage — Provenance never stores your raw key.

Rate limits

API key requests are subject to your plan's rate limits:

PlanRequests / 15 min
Free100
Pro500
Business2,000

Best practices

  • Use separate keys for each environment (dev, staging, production).
  • Rotate keys periodically from the dashboard.
  • Never commit keys to source control — use environment variables.
  • Revoke keys immediately if compromised.

System Interactions

Interactions automatically created by the alert engine and notification queue.

OAuth (Client Credentials)

Machine-to-machine authentication using OAuth 2.0 client credentials.

On this page

Creating an API keyManaging keysKey formatRate limitsBest practices