Skip to main content
Foveus API keys connect your services to your workspace. Your service uses an API key when sending executions, logs, context, metrics, and issue evidence to Foveus.

Key types

Foveus supports two key types:
Key typeCreated byUse for
Test keyCreated automatically during onboardingLocal development, sandbox testing, QA, and private beta setup
Live keyCreated manually from SettingsProduction telemetry
Test keys usually start with: 
fov_test_...
Live keys usually start with: 
fov_live_...

Test keys

Your test key is created automatically during onboarding. Use it for:
  • local development
  • sandbox services
  • QA environments
  • staging validation
  • SDK setup
Foveus defaults to Test mode, so you do not need to set Mode when using a test key. 
{
  "Foveus": {
    "ApiKey": "fov_test_..."
  }
}
During private beta, test keys cannot be rotated from the Settings page. Rotation controls will be added later.

Live keys

Create a live key only when you are ready to send production telemetry. Use a live key with Mode: "live". 
{
  "Foveus": {
    "ApiKey": "fov_live_...",
    "ServiceName": "orders-api",
    "Environment": "production",
    "Mode": "live"
  }
}
Treat live keys like production secrets. Do not expose them in source control, logs, screenshots, chat messages, issue trackers, or client-side applications.

Store keys safely

Do not hardcode API keys in production code. For local development, use .NET user secrets: 
dotnet user-secrets set "Foveus:ApiKey" "fov_test_..."
For deployed services, use a secret manager or environment variable. Common options include:
  • Azure Key Vault
  • AWS Secrets Manager
  • Google Secret Manager
  • Kubernetes secrets
  • Docker secrets
  • Render environment variables

Use environment variables

Most .NET apps can read configuration from environment variables. For a nested configuration value like: 
{
  "Foveus": {
    "ApiKey": "fov_live_..."
  }
}
you can set: 
Foveus__ApiKey=fov_live_...
Then load configuration normally: 
builder.Services.AddFoveus(builder.Configuration);

Do not expose keys to browsers

Foveus API keys are server-side secrets. Do not use them in:
  • frontend JavaScript
  • mobile apps
  • browser extensions
  • public repositories
  • static websites
Send telemetry from your backend services.

Keep test and live keys separate

Use test keys for non-production telemetry. Use live keys for production telemetry. Do not use a test key in production. Do not use a live key in local development.

Permissions

During private beta, Foveus API keys are created with permissions needed to ingest telemetry. A key may allow telemetry ingestion for:
  • executions
  • logs
  • metrics
  • context
  • issue evidence
Later, workspace owners may be able to create keys with narrower permissions for specific services, environments, or telemetry types.

Rotate live keys

Rotate a live key if:
  • the key was exposed
  • a team member with access leaves
  • your security policy requires periodic rotation
  • you are replacing an old production key
To rotate a live key:
  1. Create a new live key in Settings.
  2. Update your service secret.
  3. Redeploy or restart your service.
  4. Confirm telemetry is arriving with the new key.
  5. Disable or delete the old key.
During private beta, this rotation flow applies to live keys only. Test key rotation from Settings is not available yet.

If a key is exposed

If a live key is exposed:
  1. Create a new live key.
  2. Update your service configuration.
  3. Deploy the new key.
  4. Confirm telemetry is arriving.
  5. Disable or delete the exposed key.
If a test key is exposed during private beta and you cannot rotate it from Settings, contact Foveus support.

Logging safety

Never log your API key. Avoid logging full configuration objects if they include secrets. If an API key appears in logs:
  1. Remove or mask the log.
  2. Rotate the key if rotation is available.
  3. Check whether the key was shared outside your team.

Example production setup

{
  "Foveus": {
    "ApiKey": "fov_live_...",
    "ServiceName": "orders-api",
    "Environment": "production",
    "Mode": "live",
    "CaptureProfile": "Balanced"
  }
}
For deployed services, keep ApiKey in a secret manager and keep the remaining non-secret options in app configuration.

Troubleshooting

Telemetry does not appear

Check that:
  • the API key is correct
  • the key mode matches the dashboard mode
  • the service can reach Foveus
  • the SDK is loading the expected configuration
  • the service was restarted after changing the key

Telemetry appears in Test mode

Foveus defaults to Test mode. If this is production telemetry, use a live key and set: 
{
  "Foveus": {
    "Mode": "live"
  }
}

A key was committed to source control

Remove the key from source control and rotate it if possible. If the key appears in Git history, treat it as exposed.

Next steps