Authentication
All API requests require a Bearer token in the Authorization header. Generate API keys from the Settings > Integrations page.
curl https://app.autorev.ai/api/v1/account \
-H "Authorization: Bearer ar_live_abc123..."
Key prefixes
Keys start with ar_live_ or ar_test_.
All keys, both ar_live_ and ar_test_, access production data and trigger real calls and SMS. A sandbox mode is not yet available, so ar_test_ keys currently behave exactly like live keys. Do not point CI or load tests at this API with real phone numbers.
Keys are shown once
Your API key is shown only once, at creation time. Store it securely. AutoRev stores only a SHA-256 hash of the key: on each request the Bearer token is hashed and looked up to resolve your tenant and scopes, so the plaintext key cannot be retrieved later. If you lose a key, revoke it and mint a new one.
Revocation
Create and revoke keys at Settings > Integrations. Revoking a key immediately stops it from authenticating.
Failure modes
| Status | Meaning |
|---|---|
401 | Invalid or missing API key. No retry will help; check the header and the key value. |
403 | The key is valid but lacks the scope required for this operation. See API keys and scopes. |
Every 4xx response includes a JSON body with an error message and usually a suggestion telling you how to fix the request; see Errors.