API keys authenticate event ingestion. Each app has its own API key.
vela_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
How API keys are created
An API key is automatically generated when you create a new app, either through the dashboard or via the Management API:
const { app, apiKey } = await client.apps.create({ name: 'Order Service' });
// apiKey: "vela_live_..." -- shown only once
The full API key is returned only at creation time and during key rotation. Store it immediately.
Using in your code
import { VelaIngestClient } from '@vela/sdk';
const ingest = new VelaIngestClient(process.env.VELA_API_KEY);
await ingest.ingest({
event: 'order.placed',
data: { orderId: 'ord_1', amountCents: 4999 },
level: 'info',
});
Rotating an API key
If a key is compromised, rotate it immediately. The old key is revoked instantly.
const { app, apiKey } = await client.apps.rotateKey('order-service');
// Old key is immediately invalid
Key rotation is irreversible. Update all services using the old key before or immediately after rotating.
