The Vatstack API requires a Public Key or a Secret Key to authenticate requests. API requests to any of the endpoints described here will fail without authentication.

You can view and manage your unique API keys in the dashboard. There are two ways with which you can authenticate requests using the public key.

Public Key in Query Parameters

Add your public key to every request by including key in the query params. When retrieving a list of your validations from the past, for example, your GET request could look like this:

You can see that the request URI quickly becomes illegible. You can alternatively supply your public key in your headers. See below for instructions.

Public Key or Secret Key in Headers

In your request’s headers, add a string to the Authorization key that containing the Credential method and your API key separated with a space. Example for your authorization header using a sample public key:

Authorization: 'Credential pk_6c46e7d65bc2caccdbf48f4a9c2fcba7'

This method can be convenient to globally declare an authorization header for your entire app. Supplying your API key in each query params will become redundant.

Some endpoints require a secret key to protect your data from spoofing or from being manipulated. Our documentation will always mention which of the keys you can use to perform a request.