Skip to main content
Send x-api-key on every developer request.

Requirements

  • Keep keys on the server.
  • Never ship keys in browser bundles or mobile clients.
  • Use separate test and live keys.
  • Include the header on every /api/developer/* request.

Example

x-api-key: rh_test_...
Keys are shown once when they are created or rotated. Store them immediately and reject the request before any provider call starts if the key is missing or invalid.