API keys and automation
Create API keys in Reveddy, call the testimonial request endpoint safely from your backend, and rotate credentials without downtime.
Settings → API issues API keys for server-to-server automation. Keys are shown only once at creation; store them in a secrets manager, not in client-side code or public repositories. Each key has a visible prefix (for example rv_live_…) so support can identify which credential rotated without exposing the full secret.
Typical use cases include custom checkout flows that are not Shopify or Stripe, internal tools that enqueue testimonial asks after a CRM stage changes, and Zapier-style middleware that maps webhooks into Reveddy’s HTTP API. The dashboard documents example curl commands pointing at your environment’s base URL—replace placeholders with a real campaign ID and customer payload.
Always call the API from backend processes so keys never ship to browsers. Enforce idempotency on your side when external systems may retry deliveries; Reveddy deduplicates some paths using external event identifiers when you supply them, reducing duplicate emails to customers.
Rotation should be a two-step dance: create a new key, deploy it everywhere, verify traffic, then revoke the old key. If a key leaks, revoke immediately and audit recent testimonial requests for anomalies.