Authentication

KROVN API supports two authentication methods:

API Key (recommended)

Pass your API key in the X-API-Key header:

curl -H "X-API-Key: krovn_your_key_here" \
  https://krovn.io/api/v1/regime

Getting an API Key

Create an account at krovn.io/app
Go to Account Settings → API Keys
Click Create Key
Copy the key — it’s only shown once

Key Format

API keys follow the format krovn_ followed by 64 hex characters:

krovn_a1b2c3d4e5f6...

The krovn_ prefix makes keys easy to identify in your code and rotate if leaked.

Session Token

For browser-based access, use a session token from the login endpoint:

# Login
curl -X POST https://krovn.io/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"[email protected]","password":"your_password"}'

# Use the token
curl -H "Authorization: Bearer YOUR_SESSION_TOKEN" \
  https://krovn.io/api/v1/regime

Session tokens expire after 24 hours.

Unauthenticated Access

Most /api/v1/ endpoints work without authentication, subject to the global rate limit (300 requests per 15 minutes).

Unauthenticated requests share a rate limit pool by IP address. For production use, always use an API key.

Introduction Rate Limits

⌘I

Getting Started

​Authentication

​API Key (recommended)

​Getting an API Key

​Key Format

​Session Token

​Unauthenticated Access

Authentication

API Key (recommended)

Getting an API Key

Key Format

Session Token

Unauthenticated Access