
Authentication

How Troviale API keys work — creating them, sending them, scoping budgets, and rotating them safely.

Every request to the gateway is authenticated with a Troviale API key passed as a bearer token.

The Authorization header

Send your key in the Authorization header:

Authorization: Bearer YOUR_TROVIALE_KEY

OpenAI-compatible SDKs do this for you when you set the api_key option.

Creating keys

Create keys from the keys page in your dashboard. Each key:

  • Is shown in full once, at creation. Store it somewhere safe.
  • Is tracked independently for spend and usage.
  • Can be revoked at any time without affecting your other keys.

A good practice is one key per application or environment — for example a separate key for staging and production — so you can revoke a single key without disrupting everything else.

Budgets and limits

Keys draw down from your wallet. You can set a per-key budget so a single application can never spend more than its allocation, even if the wallet has a larger balance.

Rotating a key

To rotate, create a new key, deploy it, then revoke the old one. Because keys are independent, there is no downtime — both work until you revoke.

Never embed a key in client-side code or commit it to version control. Treat it like a password: keep it server-side and load it from an environment variable.
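As an added illustration of the advice above (not code from the Troviale documentation), the following Python sketch loads the key from an environment variable, fails closed if it is missing or malformed, builds the Authorization header, and masks the key before headers are logged. The variable name TROVIALE_API_KEY, the helper names, the sample key and the placeholder URL are all assumptions made for this example.

```python
import os
import urllib.request

ENV_VAR = "TROVIALE_API_KEY"        # assumed variable name, not from the docs
PLACEHOLDER = "YOUR_TROVIALE_KEY"   # the docs' placeholder, never a real key


class KeyConfigError(RuntimeError):
    """Raised at startup so a misconfigured service fails closed."""


def load_key(env=os.environ):
    """Read the key from the environment; reject missing or malformed values."""
    key = env.get(ENV_VAR, "")
    if not key or key == PLACEHOLDER:
        raise KeyConfigError(f"{ENV_VAR} is not set to a real key")
    if any(ch.isspace() for ch in key):
        raise KeyConfigError(f"{ENV_VAR} contains whitespace (stray newline?)")
    return key


def redact(key):
    """Log-safe form: enough to tell keys apart during rotation, no more."""
    return "***" + key[-4:] if len(key) >= 12 else "***"


def build_request(url, body, key):
    """Build (but do not send) a POST carrying the bearer token."""
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Authorization", f"Bearer {key}")
    req.add_header("Content-Type", "application/json")
    return req


def loggable_headers(req):
    """Copy of the request headers with the Authorization value masked."""
    out = {}
    for name, value in req.header_items():
        if name.lower() == "authorization":
            value = "Bearer " + redact(value.split(" ", 1)[1])
        out[name] = value
    return out


if __name__ == "__main__":
    # Constructed sample key and placeholder URL, for illustration only.
    sample_env = {ENV_VAR: "constructed-sample-key-0001"}
    req = build_request("https://gateway.example.invalid/", b"{}", load_key(sample_env))
    print(loggable_headers(req))
```

Because the key is read from the environment at startup, rotating it is a configuration change and a redeploy, with no source edit that could end up in version control.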
