Skip to content

Authentication

Navon uses bearer tokens. Create a key in the customer portal under your project, then pass it on every request:

Terminal window
Authorization: Bearer $NAVON_API_KEY
  • Keys are scoped to a project, so usage and billing stay separate per team.
  • Access is controlled through the portal with RBAC and SAML SSO; partners get keys through SSO and credits rather than shared secrets.
  • Treat keys as secrets. Rotate them from the portal if one is exposed.

Requests are served in-country. By default the Token Factory runs in zero-retention mode: prompts and outputs are not stored and are never used for training. Data residency and retention are covered by the Trust, Security & Governance layer.