Minerva is the single entry point. The only credential you need is your API key.
Where to get your API key
1
Sign in
Log in at app.minerva.io (not available on the free tier).
2
Open Settings
Click your org name in the bottom-left → the three dots (
...) → Settings.3
Open the API tab
Open the API tab and copy your key. Treat it like a password.
Use it
Resolution order
1
Constructor argument
2
Environment variable
MINERVA_API_KEYMinervaAuthError("no API key (set MINERVA_API_KEY or pass api_key=).").
Static egress IPs (production)
Outbound traffic Minerva sends to your endpoints — activation pushes, webhooks, any Minerva-initiated callback — originates from a fixed set of static IPs. If your security team needs to allowlist third-party inbound traffic, allow these three addresses:You do not need to allow these IPs for your SDK calls to reach
api.minerva.io — outbound HTTPS from your side works without any
allowlist. The list above only matters for traffic Minerva sends to
your systems (activations / webhooks). If you don’t receive
Minerva-initiated traffic, you can skip this.How it’s sent
The SDK sends the API key as thex-api-key header on every request. There’s
no token exchange, no session state, no rotation handled by the SDK — your
long-lived API key is the only credential. The server-side authorizer decides
what your key is entitled to.
Rotating your key
Rotate your key in the Minerva web app. Once rotated:- The old key continues working for the documented grace period (check your plan)
- Update
MINERVA_API_KEYin your deployment / secret store - Restart the process so a fresh
Minerva()picks up the new value
Errors you might see
See Error handling for the full hierarchy.