X-Avala-Api-Key header with every request. All requests must be made over HTTPS.
Creating API Keys
- Log in to Mission Control.
- Navigate to Settings → API Keys.
- Click Create API Key.
- Give the key a descriptive name (e.g.,
production-backend,ci-pipeline). - Copy the key immediately.
Using API Keys
Pass your API key in theX-Avala-Api-Key header:
Managing API Keys
You can manage your API keys from Settings → API Keys in Mission Control:- View active keys — See all keys, their names, and creation dates.
- Revoke a key — Immediately invalidate a key. Revoked keys cannot be restored.
- Regenerate a key — Create a new key to replace an existing one.
Key Expiration
API keys do not expire by default. If your organization enforces key expiration policies, expired keys return a401 error. Regenerate the key from Mission Control to restore access.
Best Practices
Follow these guidelines to keep your API keys secure.
-
Use environment variables — Never hard-code API keys in source code. Load them from environment variables or a secrets manager.
- Rotate keys regularly — Revoke and regenerate keys on a recurring schedule, especially after team changes.
- Use separate keys per environment — Create distinct keys for development, staging, and production so you can revoke one without affecting others.
- Restrict access — Only share keys with the people and services that need them. Audit key usage periodically.