One workspace. One key. One billing path.
Don’t make users build an organization by hand first. Create the workspace, reveal the first key, and let billing and usage follow the same path.
Workspace ownership
Keys belong to the organization, not an individual user.
Hosted security access
The same key surface should unlock ingestion, triage, and hosted APIs.
Usage-aware controls
Track requests, spend, limits, rotation, and token usage per key.
Key workspace: CVERiskPilot org, crp_workspace_prod, crp_****m0AA
Keys: 1 active
Usage: 1.64k tokens
Status: Active, rotation healthy
Request example
curl -X POST https://cveriskpilot.com/api/v1/triage \
  -H "Content-Type: application/json" \
  -H "X-API-Key: crp_workspace_prod_..." \
  -d '{
    "cveIds": ["CVE-2026-1234"],
    "title": "Remote code execution in dependency",
    "severity": "CRITICAL"
  }'
How the key experience should work
Create the workspace, reveal the key, then manage both in one console.
Keep API access simple: free workspace or Pro trial first, then keys and usage live in the same place.
What the key system needs
More than secret generation.
Keys need billing, usage, limits, and rotation, not just secret generation.
Why this matters
Keys should not feel like a separate product from the workspace.
The clean path is: workspace, key, billing, usage. The API Console exists to keep those four things in one system.
