Skip to main content

Key management

In the Velora app dashboard, there’s an API section. Signed-in users can create, list, and revoke keys.

Header format

Send your API key in x-api-key. 
x-api-key: YOUR_KEY

Example request

curl -H "x-api-key: YOUR_KEY" \
  "https://api.velora.crickdevs.com/api/songs?limit=20&page=1"

Response and pagination conventions

  • Pagination defaults: page=1, limit=20
  • Maximum limit: 100
  • Errors are returned as:
    • { "error": "message" }
    • { "error": "message", "details": [...] }

Best practices

  • Keep API keys server-side when possible
  • Rotate keys when an integration is no longer trusted
  • Revoke compromised keys immediately
  • Use least privilege in your own middleware and gateway logic