Skip to main content
An API key is a secret token that identifies your organization when your app calls the Agni API.
Think of it like a password for server-to-server access.

What is an API key

  • It proves the request is coming from your Agni workspace.
  • It controls access to protected API endpoints.
  • It should only be used in trusted backend environments.
Never put your API key in frontend code, public Git repositories, or client-side apps.

Where to get your API key

  1. Sign in to https://app.ravan.ai.
  2. Open Settings.
  3. Go to Security & Access > API Keys.
  4. Click + New Key.
  5. Copy it immediately and store it securely.
Settings page showing the Security and Access API Keys section
You can only view a newly generated key once.

How Agni uses your API key

Send your key in the X-Api-Key header on every API request. 
curl https://api.ravan.ai/api/v1/agents/ \
  -H "X-Api-Key: YOUR_API_KEY"
If the key is missing, invalid, or revoked, the API returns 401 Unauthorized.

Developer implementation guide

Use your API key only on the server side, and inject it from environment variables. 
# .env
AGNI_API_KEY=your_real_key_here

const response = await fetch("https://api.ravan.ai/api/v1/agents/", {
  method: "GET",
  headers: {
    "X-Api-Key": process.env.AGNI_API_KEY
  }
});

Security best practices

  • Rotate keys regularly.
  • Use separate keys for staging and production.
  • Revoke compromised keys immediately.
  • Do not share keys in chat, tickets, or screenshots.
  • Audit logs when you see unexpected API behavior.

Troubleshooting

If requests fail with 401:
  • Confirm the header name is exactly X-Api-Key.
  • Check there are no extra spaces in the key value.
  • Ensure you are using an active key from the correct workspace.
  • Regenerate the key and update your server environment.