Ctrlk
API DOCS
For the complete documentation index, see llms.txt. This page is also available as Markdown.

API Key Permissions

Revenium API keys use scoped prefixes for metering, write access, and read-only integrations. Choose the narrowest scope your integration needs.

Revenium API keys authenticate SDKs, middleware, OpenTelemetry exporters, CLI tools, MCP servers, and administrative integrations. Each scoped key prefix shows what the key is allowed to do. Use the narrowest key that supports the workflow you are configuring.

Key Types

Every Revenium scoped API key carries a prefix indicating its permission scope:

Prefix
Scope
Recommended use

rev_mk_

Metering-only

Production applications, SDK ingestion, middleware, and OpenTelemetry exporters that only need to send metering events.

rev_sk_

Write / full-access

MCP servers, administrative scripts, outcome-reporting workflows, provisioning tools, and integrations that need to create or modify Revenium resources.

rev_rk_

Read-only

Dashboards, reports, audit tools, and internal automation that only needs to read Revenium data.

Choosing the Right Scope

Pick the narrowest scope that the integration needs:

  • Use a metering-only (rev_mk_) key for SDK, middleware, and OTLP integrations that only send usage or telemetry data.

  • Use a write/full-access (rev_sk_) key for MCP servers, account automation, provisioning scripts, and outcome-reporting workflows.

  • Use a read-only (rev_rk_) key for dashboards, reports, or audit tooling that should not create or modify resources.

When a page gives integration-specific guidance, follow that page's key scope. For example, OpenTelemetry Integration uses rev_mk_, while MCP Server uses rev_sk_.

Creating and Managing Keys

Keys are managed on the Connections → SDK Setup page in the Revenium UI:

  • Create — The Create Key dialog lets you pick the scope (Full Access / Read Only / Metering Only) and name the key before it's issued.

  • View — The Revenium API Keys table shows each key's name, its scope, the last four characters of the secret, expiry, creator, and creation date. Only the last four characters of the secret are shown after creation — the full value is displayed only once, when the key is created.

  • Rename — Click the pencil icon in the Actions column (or the key's name) to rename a key inline. Names are free-form and meant to describe where the key is used (e.g., "Production ingestion — us-east", "Finance dashboard").

  • Delete — Use the delete icon in the Actions column to revoke a key.

Key Format

Scoped keys have the shape:

Where PREFIX is one of rev_mk_, rev_sk_, or rev_rk_; TENANT_ID is your encoded organization identifier; and SECRET is the secret key material.

Treat API keys as secrets. Do not commit keys to source control, paste them into chat logs, or share them in screenshots. Full-access keys can modify and delete resources; metering-only keys can still generate billable events. Revoke any key you suspect has been exposed.

Related

PreviousSDK SetupNextRate Limits

Last updated

Was this helpful?