Navvo
Getting Started

Developer Portal

Use the Navvo Developer Portal to create organizations and projects, manage API keys, watch live usage, and test endpoints in the sandbox.

Developer Portal

The Developer Portal at navvo.io/developer is the fastest way to work with the Navvo API. It's a point-and-click console for everything you'd otherwise do over REST — organizations, projects, API keys, live usage and a request sandbox.

Everything in the portal is scoped to your account: you only ever see and manage the organizations, projects and keys that you created.

The portal requires the developer role (or admin / super_admin). A freshly registered account has only the user role — contact Navvo to have the developer role granted. See Authentication for the role model.

Layout

The portal is organised into four tabs:

Overview

Your organization, project and key counts, total requests today, and a guided three-step setup. ::::

Workspace

Create, rename and delete organizations and the projects inside them. ::::

API keys

Mint keys, edit scopes/plan/quotas, rotate secrets, activate/deactivate, and delete — with live per-key usage. ::::

Sandbox

Run real API requests as one of your keys without ever copying the secret into the browser. ::::

1. Set up a workspace

Open the Workspace tab and create an organization (a URL-safe slug is generated for you). Inside each organization card, add one or more projects — typically one per app or environment (for example Driver App and Rider App, or staging and production).

You can rename or delete an organization or project at any time. Deleting an organization cascades to its projects and keys; deleting a project cascades to its keys. These actions are permanent.

2. Mint an API key

Switch to the API keys tab and fill in the Create an API key form:

Pick a project

Choose from a dropdown of your projects (grouped as Organization / Project) — no IDs to copy.

Name the key

Give it a clear label such as Driver App — production.

Choose a plan

free, startup, growth or enterprise. The plan sets default quotas; you can fine-tune them later.

(Optional) Adjust scopes

Expand Scopes to toggle exactly what the key can do. Eight scopes are on by default; geo, insights and optimize are opt-in. See Authentication → Scopes.

When you click Issue API key, the full secret is shown once in a highlighted banner. Copy it immediately — Navvo only stores a hash, so it can never be shown again.

If you navigate away without copying the key, you can't recover it. Rotate the key to get a fresh secret.

3. Manage your keys

Each key in Your API keys shows its label, last-four, plan, status, scope count, when it was last used, and two live usage meters (requests this minute and today, against the key's quota — refreshed automatically).

The per-key actions are:

ActionIconWhat it does
Activate / DeactivatepowerToggle the key on or off. An inactive key is rejected with 403 until re-enabled.
EditpencilChange the label, plan, scopes, and per-minute / per-day quotas.
RotaterefreshGenerate a new secret and immediately invalidate the old one (same key id, scopes and quotas). The new secret is shown once.
DeletetrashPermanently remove the key. Requests using it stop working immediately.
The per-minute quota is capped at 255 requests; the per-day quota can be much higher. Usage meters turn amber at 70% and red at 90% so you can spot a key approaching its limit.

4. Test in the sandbox

The Sandbox tab lets you fire real requests at the Navvo API and see the live response.

  1. Select an API key — this is required. The dropdown lists only your own keys, so the secret never leaves the server: the portal proxies the call server-side as the key you pick.
  2. Choose an endpoint from the curated, read-only list (search, geocoding, places, routing, health, …). For POST endpoints (read-only compute, e.g. routing) you can edit the JSON body. The sandbox deliberately exposes only safe, non-mutating endpoints.
  3. Send request — the button is disabled until you've selected a key.

The response panel shows the HTTP status, round-trip time, and the formatted JSON body. The sandbox applies your key's scope and active-state checks before forwarding: if the selected key is inactive, or is missing a scope the endpoint needs, you'll get a 403 explaining exactly what's wrong — a quick way to verify a key is configured correctly before you ship.

The sandbox is the easiest way to confirm a newly minted key works and has the right scopes. Once it succeeds there, the same request will work from your own code with the x-api-key header.

Prefer the API?

Everything in the portal is backed by the /developer/* REST endpoints documented in Authentication → Managing keys, so you can script organization, project and key management into your own tooling.

Copyright © 2026