Trigv is operated by Webtions OU (dba Trigv). For broader data practices see our Privacy Policy.
HTTPS only
All API requests must use TLS. Production base URL: https://api.trigv.com. Enable certificate verification in your HTTP client.
Ingest authentication
Send events with a workspace API key in the header — not in the JSON body:
- Keys use format
trgv_{8}_{32}. We store a bcrypt hash and prefix only. - Full keys are shown once at creation or rotation.
- Login tokens (Sanctum) cannot be used for ingest. Ingest keys cannot be used on dashboard API routes.
- Rotate or revoke keys anytime in API Keys.
Store keys safely
- Use environment variables or a secrets manager — never commit keys to git.
- Do not paste full keys into support tickets. We can look up keys by prefix only.
- Rotate immediately if a key may have been exposed.
What we log
- Event metadata — status, level, timestamps, device counts. Not notification title or body.
- Key usage — prefix, last used time, last used IP. Never the full secret.
- We do not log
Authorizationheaders or ingest request bodies in application logs.
Notification content
We deliver the alert but don't keep the message on our servers. Title and description reach your devices through push delivery and are stored in encrypted local history on each device — not in our database.
Rate limits
Per-key burst limit (default 60 requests/minute) and monthly workspace event caps.
Machine-readable spec
OpenAPI 3.1 with bearerAuth security schemes: api.trigv.com/openapi.yaml
Ingest format
Event ingest uses POST /api/v1/events with JSON and
Authorization: Bearer trgv_…. Optional fields include
description, image_url, level,
event_type, and idempotency_key.
Contact: [email protected]
