This flow is ideal for scripts, jobs, and server-to-server syncs — anything that doesn’t involve an interactive user. If you want the user to log in, use Sign in with Cativa.
1. Create an API Key

In the Console, go to Developers > API Keys > Create. Give it a name (e.g. Sync HubSpot prod) and click Create. The key is shown only once in the format:
cativa_live_8c1d4e2a3b5f4d8a9c6e7f0b1a2d3e4f
Copy and store it safely — you can’t view it again. If you lose it, generate a new one and revoke this one.
2. Make your first request

Fetch the data of the user associated with the key (canonical endpoint for credential validation):
curl https://apis.cativalab.digital/social/v1/auth/me \
  -H "Authorization: Bearer cativa_live_8c1d4e2a3b5f4d8a9c6e7f0b1a2d3e4f"
The response includes the id of the user tied to the key, email, displayName, role, the customer (tenant) name and the effective session token. Use it as a sanity check that your key is valid and points to the right tenant.
The tenant is resolved automatically from the key — no extra header is required. Each API Key belongs to a single tenant; every authenticated call already arrives with the right context.
3. That's it!

From here you can call any other authenticated API endpoint with the same Authorization: Bearer cativa_live_....
The public endpoint catalog (including user creation, badge assignment and community/post reads) is coming soon in this documentation. Until then, align specific endpoints with the Cativa team at dev@cativa.digital.

Best practices

Use environment variables (e.g. CATIVA_API_KEY) or a secrets vault (Doppler, 1Password Secrets, AWS Secrets Manager). Never commit keys to your repo.
Use descriptive names (Sync HubSpot prod, CI build, Migration 2026-Q2). This makes it easier to audit and revoke the right one.
We recommend rotation every 90 days. If a key leaks, revoke it immediately in the Console and generate a new one.
401 Unauthorized means the credential is invalid or has been revoked. 403 Forbidden indicates a valid key without permission for the resource. Always log the traceId returned in the error response body.
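
The validation call from step 2 combined with the practices above, as an added example (not Cativa's own code): the key comes from CATIVA_API_KEY, 401 and 403 are told apart, the traceId is kept for logging, and only allowlisted fields are returned so the session token in the response never reaches a log. Assumptions: the tenant name is in a "customer" field, traceId is a top-level field of the error body, the key shape is inferred from the sample key, and CATIVA_EXPECTED_TENANT is a hypothetical variable.

```python
import json
import os
import re
import urllib.error
import urllib.request

AUTH_ME_URL = "https://apis.cativalab.digital/social/v1/auth/me"  # endpoint from this page
# Assumption: key shape inferred from the sample key shown on this page.
KEY_SHAPE = re.compile(r"cativa_live_[0-9a-f]{32}")
# Allowlist for logging; the response also carries a session token that must stay out of logs.
SAFE_FIELDS = ("id", "email", "displayName", "role")


def load_key(env=os.environ):
    """Read the key from CATIVA_API_KEY and fail early on an obviously malformed value."""
    key = env.get("CATIVA_API_KEY", "").strip()
    if not KEY_SHAPE.fullmatch(key):
        raise ValueError("CATIVA_API_KEY is missing or not shaped like cativa_live_<32 hex>")
    return key


def interpret(status, body, expected_tenant):
    """Map an /auth/me response to (verdict, loggable details) without leaking secrets."""
    try:
        data = json.loads(body)
        data = data if isinstance(data, dict) else {}
    except ValueError:
        data = {}
    if status == 200:
        # Assumption: the tenant name is exposed under a "customer" field.
        details = {k: data.get(k) for k in SAFE_FIELDS + ("customer",)}
        return ("ok" if details["customer"] == expected_tenant else "wrong_tenant"), details
    verdict = {401: "invalid_or_revoked", 403: "no_permission"}.get(status, "unexpected")
    # Assumption: traceId is a top-level field of the error body.
    return verdict, {"status": status, "traceId": data.get("traceId")}


def validate(expected_tenant):
    """Call /auth/me with the key from the environment and interpret the result."""
    req = urllib.request.Request(AUTH_ME_URL, headers={"Authorization": f"Bearer {load_key()}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret(resp.status, resp.read(), expected_tenant)
    except urllib.error.HTTPError as err:
        return interpret(err.code, err.read(), expected_tenant)


if __name__ == "__main__":
    print(validate(os.environ.get("CATIVA_EXPECTED_TENANT", "")))
```

Run it at job start-up and stop the job on any verdict other than ok; a wrong_tenant verdict means the key is valid but was issued for a different tenant than the one the job expects.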