Overview
The Solvice Platform uses API key authentication to secure access to all optimization endpoints. Every request to our solvers requires a valid API key included in the request headers.All API communications are encrypted using HTTPS to ensure your data and credentials remain secure during transmission.
Getting Your API Key
1
Sign up for Solvice
Create your account at dashboard.solvice.io if you haven’t already.
New accounts receive a 14-day free trial with full access to all solver capabilities.
2
Navigate to API Keys
Once logged in, go to Settings → API Keys in your dashboard.

API Keys section in the Solvice Dashboard
3
Generate a new key
Click Create API Key and provide a descriptive name for your key (e.g., “Production VRP Integration”).
Store your API key securely. For security reasons, you won’t be able to view the full key again after creation.
4
Configure key permissions
Select which solvers and operations this key can access:
- Solver access: VRP, FILL, CREATE, TASK, CLUST
- Operations: Solve, Evaluate, Suggest, Status, Solution, Explanation
Follow the principle of least privilege - only grant permissions required for your specific use case.
Using Your API Key
Include your API key in theAuthorization
header of every request to Solvice APIs.
Authentication Header Format
The API key should be sent directly in the Authorization header without any prefix like “Bearer” or “Basic”.
Request Examples
Authentication Errors
When authentication fails, the API returns specific error codes to help diagnose the issue:Common Authentication Issues
401 Unauthorized - Missing API Key
401 Unauthorized - Missing API Key
401 Unauthorized - Invalid API Key
401 Unauthorized - Invalid API Key
403 Forbidden - Insufficient Permissions
403 Forbidden - Insufficient Permissions
Problem: Your API key doesn’t have permission for the requested operationSolution: Check your key’s permissions in the dashboard and ensure it has access to:
- The specific solver (VRP, FILL, etc.)
- The operation type (solve, evaluate, suggest)
429 Too Many Requests
429 Too Many Requests
Problem: You’ve exceeded your rate limitSolution:
- Implement exponential backoff in your retry logic
- Check your current rate limits in the dashboard
- Consider upgrading your plan for higher limits
Security Best Practices
1
Environment Variables
Never hardcode API keys in your source code. Use environment variables instead:
.env
Add
.env
files to your .gitignore
to prevent accidental commits2
Key Rotation
Regularly rotate your API keys, especially for production environments:
- Set up a rotation schedule (e.g., every 90 days)
- Update keys during maintenance windows
- Keep the previous key active briefly during transition
3
Separate Keys by Environment
Use different API keys for different environments:
4
Monitor Key Usage
Regularly review your API key usage in the dashboard:
- Check for unexpected usage patterns
- Monitor which endpoints are being called
- Set up alerts for unusual activity
5
Restrict Key Permissions
Apply the principle of least privilege:
- Development keys: Limited to non-production solvers
- Production keys: Only required solvers and operations
- CI/CD keys: Read-only access for testing
Server-Side Proxy Pattern
For web applications, implement a server-side proxy to keep your API keys secure:server.js