API keys
Create and manage API keys to authenticate server-side requests to the Pivra API.
Updated 6 Mar 2026
API keys let you authenticate programmatic requests to the Pivra API from your own server, scripts, or automation tools. They are separate from the embed key used by the chat widget.
Available on: Starter plan and above.
Creating an API key
- Go to Settings β Security
- Scroll to the API Keys section
- Enter a label (e.g. "Zapier integration", "CRM sync", "Internal dashboard")
- Click Create
- Copy the key immediately β it is shown only once and cannot be retrieved again
Store the key in a secure location such as your server's environment variables or a secrets manager. Never commit it to version control.
Using your API key
Pass the key in the Authorization header on every request:
Authorization: Bearer pivra_sk_xxxxxxxxxxxxxxxxxx
Example using curl:
curl https://pivra-api.fly.dev/api/leads \
-H "Authorization: Bearer pivra_sk_xxxxxxxxxxxxxxxxxx"
Available endpoints
The Pivra API is a REST API. Common use cases:
| Endpoint | Method | Description |
|---|---|---|
/api/leads | GET | List leads for your account |
/api/conversations | GET | List conversations |
/api/chatbots | GET | List your chatbots |
/api/sources | GET / POST | List or create knowledge sources |
/api/usage | GET | Current plan usage and limits |
Full API reference documentation is coming soon. In the meantime, the endpoints follow the same structure as the dashboard β reach out to support@pivra.ai for specific integration help.
Revoking a key
- Go to Settings β Security β API Keys
- Find the key by its label
- Click Revoke
- Confirm β the key stops working immediately
Any integration using that key will fail until you replace it with a new one. Create the new key first, update your integration, then revoke the old one to avoid downtime.
Security best practices
- One key per integration β use separate labelled keys so you can revoke one without breaking others
- Rotate keys periodically β create a new key, update your integration, then revoke the old one
- Never expose keys client-side β API keys are for server-to-server use only. The chat widget uses a separate public embed key
- Restrict to your server IP where possible β IP allowlisting is on the roadmap
Frequently asked questions
How many API keys can I create? There is no hard limit. Create as many labelled keys as you need for different integrations.
Is the API key the same as the embed key? No. The embed key (shown in Install β Embed code) is a read-only public key for the chat widget. API keys are secret and provide full read/write access to your account data.
Can I use the API to send messages to my chatbot programmatically? Not yet β the chat endpoint is designed for real-time widget use. Programmatic chat via API key is on the roadmap.
Was this helpful?
If you have questions or suggestions, email us at support@pivra.ai .