Authentication

The Docs API API authenticates requests with your account's API keys. Pass your secret key as a bearer token on every request — there are no cookies or sessions to manage.

API keys #

Each account has two key pairs available in the Dashboard: a test mode pair and a live mode pair. Test keys operate on isolated data and never affect production resources.

Bearer tokens #

Authenticate by sending your secret key in the Authorization header using the Bearer scheme. Requests without a valid key return 401 Unauthorized.

curl https://api.docs.vexart.net/v1/resources \
  -H "Authorization: Bearer sk_live_4eC39Hq..."

const res = await fetch("https://api.docs.vexart.net/v1/resources", {
  headers: { Authorization: `Bearer ${apiKey}` }
});
const data = await res.json();

import requests

resp = requests.get(
    "https://api.docs.vexart.net/v1/resources",
    headers={"Authorization": f"Bearer {api_key}"},
)
data = resp.json()

Scopes & restricted keys #

For finer control, create restricted keys scoped to specific resources and permission levels. A restricted key that can only read resources is useful for analytics workers and dashboards.

Security best practices #

• Make all requests over HTTPS; calls over HTTP fail and any key sent is considered compromised.
• Use restricted keys with the narrowest scope a task requires.
• Rotate keys on a schedule and immediately after a suspected exposure.
• Store secrets in a vault or environment variables — never in source control or client bundles.