APIs

API Keys

API keys give your backend access to the Journey API. Generate your key from dashboard settings, store it as an environment variable, and use it to authenticate requests from your server.

Generating your API key

Open your Jourvex dashboard and go to Settings → API Access. Click Generate API Key to create a new key.

Jourvex only shows the raw API key once during generation and cannot retrieve it later. Copy and store it somewhere safe before leaving the page.

Save your key immediately. Once you leave the generation screen the key cannot be retrieved again. If you lose it you will need to rotate your key and generate a new one.

Your key will look similar to this:

API key format 
jvx_live_aBcDeFgHiJkLmNoPqRsTuVwXyZ...

Storing your key safely

Your API key should always be stored as an environment variable on your server.

Never hardcode it in source code, commit it to version control, or expose it through browser JavaScript.

Set as an environment variable

.env 
JOURVEX_API_KEY=jvx_live_aBcDeFgHiJkLmNoPqRsTuVwXyZ...

Read it in your backend

python 
import os

JOURVEX_API_KEY = os.environ["JOURVEX_API_KEY"]
javascript / node 
const JOURVEX_API_KEY = process.env.JOURVEX_API_KEY;
Never use your API key in browser code. The Journey API is designed to be called from your backend only. Putting your key in frontend JavaScript exposes it to anyone who can inspect your page or network requests.
Keep the architecture separated. Your frontend sends journey_id to your backend. Your backend performs authenticated requests to the Journey API using your API key.

Using your key in requests

Pass your API key as a Bearer token in the Authorization header of every Journey API request.

HTTP 
GET https://jourvex-api.onrender.com/api/journey/{journey_id}

Authorization: Bearer jvx_live_...
python 
import requests
import os

res = requests.get(
    f"https://jourvex-api.onrender.com/api/journey/{journey_id}",
    headers={
        "Authorization": f"Bearer {os.environ['JOURVEX_API_KEY']}"
    }
)

journey = res.json()
javascript / node 
const res = await fetch(
  `https://jourvex-api.onrender.com/api/journey/${journeyId}`,
  {
    headers: {
      Authorization: `Bearer ${process.env.JOURVEX_API_KEY}`
    }
  }
);

const journey = await res.json();

Checking key status

Your dashboard shows the prefix of your active key and the last time it was used.

Review this periodically to confirm your integration is active and to detect unexpected usage patterns.

The full key is never shown again after generation. Only the prefix is displayed so you can identify which key is active without exposing the full secret.

Rotating your key

If you believe your key has been exposed or you want to issue a fresh one, rotate it from Settings → API Access in your dashboard.

Rotating invalidates your current key immediately. Requests using the old key will stop working as soon as rotation completes.

Deploy your new key before rotating. Update your environment variables and deploy your backend before invalidating the current key. Otherwise there may be a temporary window where authenticated requests fail.

After rotation your dashboard will display the prefix of the new key and a last used timestamp of never until the first successful request is made.

Error responses

The Journey API returns standard HTTP status codes. These are the most common responses.

Status
Meaning
What to do
401
Unauthorized
Your API key is missing, malformed, inactive, or rotated. Verify your Authorization header and environment variables.
403
Forbidden
The requested journey_id does not belong to your account.
429
Rate limited
You exceeded 300 requests per hour. Retry later or contact support if you need higher limits.
500
Server error
Something failed on our side. Retry with exponential backoff. If the issue persists, contact hello@jourvex.com.

Best practices

Use journey_id as your deduplication key
The same journey_id may appear more than once if a visitor converts multiple times or retries a submission.
Keep Journey API calls on your backend
The state object resolves in the browser. Authenticated Journey API requests happen on your server.
Handle failures gracefully
A failed journey fetch should never block a conversion flow. Log the error and continue processing the submission normally.
Check last used activity regularly
Review the last used timestamp in your dashboard. If activity does not match expected traffic patterns, rotate the key and review your integration.
Journey API Examples