Skip to content
Ryvion

Authentication

All Ryvion API requests require authentication. Two methods are supported.

Authentication methods

Bearer token

Authorization: Bearer YOUR_API_KEY

This is the standard method and works with all OpenAI SDKs:

from openai import OpenAI

client = OpenAI(
    base_url="https://api.ryvion.ai/v1",
    api_key="YOUR_KEY",  # passed as Bearer token
)

X-API-Key header

X-API-Key: YOUR_API_KEY

Alternative header format, useful for direct HTTP calls:

curl https://api.ryvion.ai/v1/models \
  -H "X-API-Key: YOUR_API_KEY"

Both methods are equivalent. Use whichever fits your setup.

Getting an API key

  1. Sign up at ryvion.com/signup
  2. Go to API Keys in the dashboard
  3. Click "Create API key"
  4. Copy the key -- it is only shown once

Every new account includes a free tier. No credit card required.

API key management

Create a key

curl -X POST https://api.ryvion.ai/api/v1/auth/api-keys \
  -H "Authorization: Bearer EXISTING_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name":"my-new-key"}'

List keys

curl https://api.ryvion.ai/api/v1/auth/api-keys \
  -H "Authorization: Bearer YOUR_API_KEY"

Revoke a key

Revoke keys from the API Keys dashboard. Revoked keys are immediately invalid.

Scoped API keys

Create keys with specific permission scopes:

ScopePermissions
buyerFull access to inference, knowledge bases, agents, and billing
read-onlyRead access to models, knowledge bases, memories, and billing
write-onlyWrite access to inference and knowledge base uploads

Scoped keys let you follow the principle of least privilege. For example, give a production service a write-only key and a monitoring dashboard a read-only key.

Current user

Check your authentication status and account details:

curl https://api.ryvion.ai/api/v1/auth/me \
  -H "Authorization: Bearer YOUR_API_KEY"

Security best practices

  • Never commit API keys to version control
  • Use environment variables to store keys in your application
  • Create separate keys for development and production
  • Revoke unused keys from the dashboard
  • Use scoped keys with the minimum permissions needed
  • Rotate keys periodically by creating a new key and revoking the old one

MCP authentication

The MCP endpoint uses the same API key, passed in the Authorization header of the MCP server configuration:

{
  "mcpServers": {
    "ryvion": {
      "url": "https://api.ryvion.ai/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}

Error responses

StatusMeaning
401 UnauthorizedMissing or invalid API key
403 ForbiddenValid key but insufficient scope for the requested action
429 Too Many RequestsRate limit exceeded. See Rate Limits.