Hosted setup
The customer-facing setup path for hosted Valqio integrations.
Valqio customer integrations use hosted service surfaces. Your product code calls Valqio through the runtime data plane and SDK.
What you need
| Item | Where it comes from | How your app uses it |
|---|---|---|
| Console access | Valqio hosted Console | Configure product actions, meters, limits, credits, plans, customers, and environments. |
| Runtime API key | Console | Authorize server-side runtime calls for one project and environment. |
| Data plane URL | Console | Tell the SDK where to send evaluate, enforce, reserve, commit, and release calls. |
| SDK package | npm | Add Valqio to server routes, workers, or backend services. |
| Evidence views | Console | Inspect allow, deny, reservation, commit, release, retry, and billing-sync context. |
SDK distribution
Install the SDK from npm:
npm install @valqio/sdk-nodeThe npm package is sufficient for integration. Source links, if Valqio publishes them, are optional inspection material for client behavior, issues, and release history. The hosted Console, hosted data plane, runtime keys, and npm package are the public contract. The public contract is the hosted Console, hosted data plane, runtime keys, SDK package, generated client, and evidence surfaces.
Key types
Use a runtime key for server-side product requests. It can evaluate access, consume usage, write events, and settle reservations according to the scopes shown in Console.
Use public keys only for read-oriented client experiences, such as showing plan state or remaining usage through safe endpoints. Do not put server runtime keys in browser bundles.
Environment separation
Create separate keys for staging and production. Publish configuration for the environment your app will call, then point that environment's backend secrets at the matching data plane URL, project ID, environment key, and runtime API key.
When a key leaks or an environment changes, rotate the key in Console and redeploy the affected application secrets.