Authentication
All API requests require authentication using an API key.
API Keys
Create API keys in your dashboard. Each key has:
- Name - For your reference (e.g., "Production", "Staging")
- Environment - Sandbox or Live
- Key Prefix -
env_sandbox_orenv_live_
Security
API keys are only shown once when created. Store them securely and never commit them to version control.
Using Your API Key
Include your API key in the X-API-Key header:
bash
curl -X POST https://api.envoice.dev/v1/generate \
-H "X-API-Key: env_live_your_key_here" \
-H "Content-Type: application/json" \
-d '{"template": "minimal", "invoice": {...}}'Sandbox vs Live
| Feature | Sandbox | Live |
|---|---|---|
| Prefix | env_sandbox_ | env_live_ |
| Usage | Unlimited | Counts against quota |
| Watermark | Yes | No |
| Validation | Full | Full |
| Best for | Development, testing | Production |
Key Management
- Rotate keys regularly - Create a new key and update your applications before deleting the old one
- Use separate keys - Create different keys for development, staging, and production
- Monitor usage - Check the usage dashboard to track API calls
Rate Limits
| Plan | Requests/minute |
|---|---|
| Sandbox | 60 |
| Starter | 120 |
| Pro | 300 |
If you exceed the rate limit, you'll receive a 429 Too Many Requests response.
Error Responses
Invalid API Key
json
{
"error": "invalid_api_key",
"message": "The provided API key is invalid or has been revoked"
}Missing API Key
json
{
"error": "missing_api_key",
"message": "No API key provided. Include it in the X-API-Key header"
}Quota Exceeded
json
{
"error": "quota_exceeded",
"message": "Monthly quota exceeded. Upgrade your plan or wait until next month"
}