Skip to main content
Every request to the Events API must be authenticated with two headers: an API key and your customer ID.

Generating API keys

1

Open Settings

Navigate to Settings → API Keys in the RevBridge AI dashboard.
2

Create a new key

Click Create API Key, give it a descriptive name (e.g., production-backend, staging-etl), and confirm.
3

Copy the key

The full API key is shown only once. Copy it immediately and store it in your secrets manager or environment variables.
API keys cannot be retrieved after creation. If you lose a key, revoke it and create a new one.

Required headers

Every API request must include both headers:
HeaderDescriptionExample
AuthorizationBearer token with your API keyBearer rbk_a1b2c3d4...
x-customer-idYour RevBridge customer IDcust_abc123

Example requests

curl -X POST https://api.revbridge.ai/ingest/events \
  -H "Authorization: Bearer rbk_a1b2c3d4e5f6g7h8" \
  -H "x-customer-id: cust_abc123" \
  -H "Content-Type: application/json" \
  -d '{
    "users": [
      {
        "identifiers": { "email": "jane@example.com" },
        "events": [
          { "event_name": "page_view", "page": "/pricing" }
        ]
      }
    ]
  }'

const response = await fetch("https://api.revbridge.ai/ingest/events", {
  method: "POST",
  headers: {
    "Authorization": "Bearer rbk_a1b2c3d4e5f6g7h8",
    "x-customer-id": "cust_abc123",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    users: [
      {
        identifiers: { email: "jane@example.com" },
        events: [
          { event_name: "page_view", page: "/pricing" },
        ],
      },
    ],
  }),
});

const data = await response.json();
console.log(data);

import requests

response = requests.post(
    "https://api.revbridge.ai/ingest/events",
    headers={
        "Authorization": "Bearer rbk_a1b2c3d4e5f6g7h8",
        "x-customer-id": "cust_abc123",
        "Content-Type": "application/json",
    },
    json={
        "users": [
            {
                "identifiers": {"email": "jane@example.com"},
                "events": [
                    {"event_name": "page_view", "page": "/pricing"}
                ],
            }
        ]
    },
)

print(response.json())

Security best practices

Follow these guidelines to keep your API keys safe.
  • Never expose keys in frontend code. API keys should only be used from server-side applications. Client-side code (browsers, mobile apps) can be inspected by anyone.
  • Use environment variables. Store keys in your secrets manager or .env files — never hardcode them in source code.
  • Rotate keys periodically. Create a new key, update your systems, then revoke the old one. RevBridge supports multiple active keys to enable zero-downtime rotation.
  • Use separate keys per environment. Create distinct keys for development, staging, and production so you can revoke one without affecting others.
  • Restrict access. Only team members who need API access should have visibility into key values.