Protected Rivo Business API requests should be made from your backend using API keys issued by Rivo Business. Your app should never call protected Rivo Business endpoints directly from a browser or mobile app. Your backend signs the request and sends it to Rivo Business. API-key requests operate in the business account context for the issued key.

Required headers

x-api-key: YOUR_RIVO_BUSINESS_API_KEY
x-timestamp: 2026-05-22T00:00:00.000Z
x-signature: GENERATED_SIGNATURE

Where requests should be signed

Sign requests on your backend only. Do not put API keys, signing secrets, PINs, passwords, or authorization values in frontend code, mobile apps, analytics tools, public Postman workspaces, or logs.