Security

All operations with our API must be executed over HTTPS. These are the endpoints to our two environments:

Each request must be authenticated. To do so, you must pass along an authentication string as value to the Authorization header in each HTTP request. The value of the Authorization header looks like the following:

Rev [Client API Key]:[User API Key]

Where:

  • Client API Key: A secret key specific to each partner that wishes to use the Rev API.
  • User API Key: A secret key specific to a Rev user. It identifies the user account under which the requested operation executes.

For example, if your client API key is 0123456789, and your user API key is ABCDEFGHIJ, then the Authorization header of each of your requests would look like the following:

Authorization: Rev 0123456789:ABCDEFGHIJ

The keys you receive when you request API access are valid only in our Sandbox environment. When you’re ready to go live, we send you your production keys. For a detailed description of security, please visit https://www.rev.com/api/security.