Authentication.
All API requests require authentication via API key. Keys are scoped to your organization and can be created and revoked from the dashboard.
API key format
AppVet API keys use the prefix avk_live_ followed by 40
random alphanumeric characters:
avk_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8
The avk_live_ prefix makes it easy to identify AppVet keys
in secret scanners and environment audits.
Creating API keys
Go to the API Keys section in the dashboard and click Create Key. Give it a descriptive name (e.g., "CI Pipeline", "Dev Machine").
The full key is shown only once on creation. Store it securely — if you lose it, revoke the old key and create a new one.
How to authenticate
There are three ways to pass your API key. All methods are equivalent — use whichever fits your setup.
1. Authorization header (recommended)
Pass the key as a Bearer token:
curl https://appvet.dev/v1/scan/scan_abc123 \
-H "Authorization: Bearer avk_live_your_key_here"
2. Environment variable
Set APPVET_API_KEY in your environment. The CLI and SDKs
read this automatically:
export APPVET_API_KEY=avk_live_your_key_here
appvet scan https://example.com --type security
3. Config file
Store the key in ~/.appvet/config.json:
{
  "api_key": "avk_live_your_key_here"
}
The CLI checks for this file as a fallback when no environment variable or header is set.
Rate limiting
API requests are rate-limited per API key. When you exceed your limit,
the API returns 429 Too Many Requests. Rate limit status is
included in every response:
X-RateLimit-Limit: 30
X-RateLimit-Remaining: 28
X-RateLimit-Reset: 1711800000
| Header | Description |
|---|---|
| X-RateLimit-Limit | Maximum requests per minute for your tier |
| X-RateLimit-Remaining | Requests remaining in the current window |
| X-RateLimit-Reset | Unix timestamp when the window resets |
Rate limits
| Account type | Rate limit | Free scans |
|---|---|---|
| Free | 10 req/min | 5 / month |
| Paid (credit packs or auto-billing) | 60 req/min | 5 / month + purchased credits |
Need higher limits? Contact us for custom plans.
Key security best practices
- Never commit API keys to version control.
- Use separate keys for CI/CD and local development.
- Revoke keys immediately if exposed.
- Rotate keys periodically (monthly recommended).
- Use your CI/CD platform's secret management (GitHub Actions secrets, GitLab CI variables, etc.).
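As an added example (not part of the AppVet CLI or SDKs), here is one way to use the avk_live_ prefix described under "API key format" to enforce the "never commit API keys" rule, for instance from a pre-commit hook. The pattern follows the format stated on this page (prefix plus 40 alphanumeric characters); the function names, the redaction style and the sample input are assumptions made for this illustration.

```python
import re
import sys
from pathlib import Path

# Format as stated on this page: "avk_live_" followed by 40 alphanumeric characters.
# The lookahead rejects longer alphanumeric runs that only start like a key.
KEY_RE = re.compile(r"\bavk_live_[A-Za-z0-9]{40}(?![A-Za-z0-9])")

def redact(key):
    """Mask all but the last 4 characters so the report does not re-leak the key."""
    return "avk_live_" + "*" * 36 + key[-4:]

def scan_text(text, source="<text>"):
    """Return (source, line_number, redacted_key) for each key found in text."""
    return [
        (source, lineno, redact(m.group(0)))
        for lineno, line in enumerate(text.splitlines(), start=1)
        for m in KEY_RE.finditer(line)
    ]

def scan_paths(paths):
    """Scan files (for example, the staged files handed to a pre-commit hook)."""
    findings = []
    for path in map(Path, paths):
        try:
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue  # unreadable or not a regular file: skip
        findings.extend(scan_text(text, str(path)))
    return findings

# Constructed sample input; FAKE_KEY is made up for this example, not a real key.
FAKE_KEY = "avk_live_" + "A1b2C3d4E5" * 4
SAMPLE = "\n".join([
    "export APPVET_API_KEY=avk_live_your_key_here",   # docs placeholder, no match
    '{"api_key": "%s"}' % FAKE_KEY,
    "Authorization: Bearer %s" % FAKE_KEY,
    "token=avk_live_tooShort123",                     # too short, no match
])

if __name__ == "__main__":
    hits = scan_paths(sys.argv[1:]) if len(sys.argv) > 1 else scan_text(SAMPLE, "sample")
    for source, lineno, key in hits:
        print(f"{source}:{lineno}: AppVet API key {key}")
    sys.exit(1 if hits else 0)
```

Run with file paths as arguments; a non-zero exit status means at least one key-shaped string was found, which is the signal a hook or CI step can use to block the commit.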