All SDK API endpoints require an API key for authentication. API keys are prefixed with trvh_sdk_ and can be passed in two ways:
The full API key is shown only once when created. Store it securely — it cannot be retrieved later.
Key lifecycle
- Keys have an optional
expiresAt date. Expired keys are rejected automatically.
- Keys can be revoked at any time from the Tarvah Settings UI.
- Each key is scoped to
sdk:import permissions.
lastUsedAt is updated on every successful authentication.
Error responses