Authentication

All requests to the Uvio Notify API are authenticated using an API key passed in the X-API-Key header.

How It Works

The Uvio Notify API uses API key authentication. Each key is bound to a specific company — the server automatically identifies your company from the key, so there is no need to pass a Company ID separately.

Include the X-API-Key header with every HTTP request:

HTTP
curl -X GET https://api.uvio.chat/notify/v1/health \
  -H "X-API-Key: sk_live_your_secret_key"

Requests without the X-API-Key header or with an invalid key will receive a 401 Unauthorized response.

Getting Your API Key

API keys are created in the Company Dashboard. You need an approved company registration to access it. If you haven't registered yet, start with the Getting Started guide.

1. Sign in to the Dashboard. Go to lk.uvio.chat and authenticate via OTP.

2. Open API Keys. Navigate to Settings > API Keys.

3. Generate a New Key. Click Generate New API Key. The key is shown only once — copy it immediately.

Important

The API key is displayed only once at creation time. If you lose it, revoke the old key and generate a new one.

Using the Key

Pass the key in the X-API-Key header. Here are examples in different languages.

cURL

Bash
curl -X POST https://api.uvio.chat/notify/v1/otps \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $UVIO_API_KEY" \
  -d '{"identifier": "user@example.com", "identifier_type": "email"}'

Python

Python
import os
import requests

# Read the key from the environment; a KeyError here means it is not set.
API_KEY = os.environ["UVIO_API_KEY"]
BASE_URL = "https://api.uvio.chat/notify/v1"

response = requests.post(
    f"{BASE_URL}/otps",
    headers={
        "Content-Type": "application/json",
        "X-API-Key": API_KEY,
    },
    json={
        "identifier": "user@example.com",
        "identifier_type": "email",
    },
    timeout=10,  # requests has no default timeout
)

print(response.json())

JavaScript / Node.js

JavaScript
const API_KEY = process.env.UVIO_API_KEY;
const BASE_URL = "https://api.uvio.chat/notify/v1";

const response = await fetch(`${BASE_URL}/otps`, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "X-API-Key": API_KEY,
  },
  body: JSON.stringify({
    identifier: "user@example.com",
    identifier_type: "email",
  }),
});

const data = await response.json();
console.log(data);

Error Responses

When authentication fails, the API returns one of the following HTTP status codes:

| Status | Reason | Action |
|--------|--------|--------|
| 401 | Missing or invalid API key | Check the X-API-Key header. Ensure the key is copied in full and has not been revoked. |
| 403 | Company not active or API access disabled | Ensure your company registration is approved and API access is enabled in the Dashboard. |
| 429 | Rate limit exceeded | Wait and retry. Respect the rate limits for your tier. |

Example Error Response

401 Unauthorized
{
  "error": "Unauthorized",
  "details": "Invalid API key"
}

Security Best Practices

Your API key grants full access to your company's operations. Treat it like a password.

Do

  • Store keys in environment variables
  • Use separate keys for dev/staging/prod
  • Rotate keys every 90 days
  • Use HTTPS for all requests
  • Revoke compromised keys immediately

Don't

  • Commit keys to source control
  • Pass keys in URL query parameters
  • Use keys in client-side code (browser JS)
  • Log keys or send them to error trackers
  • Share a single key across multiple services
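
An added example (not part of the Uvio documentation) for the "log keys or send them to error trackers" rule above: a Python logging filter that scrubs keys from messages, log arguments and tracebacks before a handler emits them. The `sk_live_` pattern is an assumption taken from the placeholder key on this page, and `redact`, `RedactApiKeyFilter` and `build_logger` are illustrative names.

```python
import logging
import re

# Assumption: keys share the "sk_live_" prefix of this page's placeholder key.
KEY_PATTERN = re.compile(r"sk_live_[A-Za-z0-9_\-]+")
# Catches the header form too, whatever the key value looks like.
HEADER_PATTERN = re.compile(
    r"(X-API-Key['\"]?\s*[:=]\s*['\"]?)([^\s'\",}]+)", re.IGNORECASE
)


def redact(text: str) -> str:
    """Replace API key values in text with a fixed marker."""
    text = HEADER_PATTERN.sub(r"\1[REDACTED]", text)
    return KEY_PATTERN.sub("[REDACTED]", text)


class RedactApiKeyFilter(logging.Filter):
    """Scrub keys from a record before a handler or error tracker emits it."""

    def filter(self, record: logging.LogRecord) -> bool:
        # getMessage() merges msg with its %-args, so a headers dict passed
        # as a log argument is scrubbed as well.
        record.msg = redact(record.getMessage())
        record.args = None
        if record.exc_info:
            # Pre-render the traceback; formatters reuse exc_text when set.
            rendered = logging.Formatter().formatException(record.exc_info)
            record.exc_text = redact(rendered)
        return True  # keep the record, only its text changed


def build_logger(name: str, handler: logging.Handler) -> logging.Logger:
    """Return a logger whose handler redacts keys (the filter sits on the
    handler so records propagated from child loggers are covered too)."""
    handler.addFilter(RedactApiKeyFilter())
    logger = logging.getLogger(name)
    logger.setLevel(logging.DEBUG)
    logger.addHandler(handler)
    return logger


if __name__ == "__main__":
    log = build_logger("uvio_client", logging.StreamHandler())
    # Constructed sample key, not a real credential.
    log.info("request headers: %s", {"X-API-Key": "sk_live_CONSTRUCTED123"})
```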

Key Management

You can create and revoke keys in the Dashboard. We recommend keeping no more than two active keys at a time — one primary and one backup for rotation.

Key Rotation

Zero-downtime key rotation procedure:

1. Generate a new key. Create a new key in the Dashboard. The old key continues to work.

2. Update your configuration. Replace the old key with the new one in your service's environment variables and deploy.

3. Revoke the old key. After a successful deploy, revoke the old key in the Dashboard.

Base URL & Headers

All Notify API requests use a single base URL with required headers.

| Parameter | Value |
|-----------|-------|
| Base URL | https://api.uvio.chat/notify/v1 |
| X-API-Key | Your API key (required) |
| Content-Type | application/json for JSON requests, multipart/form-data for file uploads |

Timezones

All timestamps in requests and responses use UTC in ISO 8601 format with a trailing Z, for example: 2024-01-01T12:00:00Z.
