Skip to main content
Minerva is the single entry point. The only credential you need is your API key.

Where to get your API key

1

Sign in

Log in at app.minerva.io (not available on the free tier).
2

Open Settings

Click your org name in the bottom-left → the three dots (...) → Settings.
3

Open the API tab

Open the API tab and copy your key. Treat it like a password.

Use it

Resolution order

1

Constructor argument

2

Environment variable

MINERVA_API_KEY
If neither is set, the first call raises MinervaAuthError("no API key (set MINERVA_API_KEY or pass api_key=).").

Static egress IPs (production)

Outbound traffic Minerva sends to your endpoints — activation pushes, webhooks, any Minerva-initiated callback — originates from a fixed set of static IPs. If your security team needs to allowlist third-party inbound traffic, allow these three addresses:
You do not need to allow these IPs for your SDK calls to reach api.minerva.io — outbound HTTPS from your side works without any allowlist. The list above only matters for traffic Minerva sends to your systems (activations / webhooks). If you don’t receive Minerva-initiated traffic, you can skip this.

How it’s sent

The SDK sends the API key as the x-api-key header on every request. There’s no token exchange, no session state, no rotation handled by the SDK — your long-lived API key is the only credential. The server-side authorizer decides what your key is entitled to.

Rotating your key

Rotate your key in the Minerva web app. Once rotated:
  • The old key continues working for the documented grace period (check your plan)
  • Update MINERVA_API_KEY in your deployment / secret store
  • Restart the process so a fresh Minerva() picks up the new value

Errors you might see

See Error handling for the full hierarchy.