API Keys
Authenticate API requests with secure API keys.
Overview
API keys allow you to:
- Authenticate API requests
- Integrate with external systems
- Automate photo request workflows
- Build custom applications
Plan Requirement
API access requires a plan that includes API features.
Creating an API Key
Steps
- Go to API Keys in the sidebar
- Click Create API Key
- Enter a descriptive name
- Toggle Active (default: on)
- Click Create
Save Your Key
One-Time Display
The full API key is shown only once at creation. Copy and store it securely. You cannot retrieve it later.
After creation:
- Copy the key immediately
- Store in a secure location
- Never share publicly
Using API Keys
Authentication Header
Include the API key in request headers:
bash
curl -X GET "https://api.visio.now/v1/status" \
-H "X-API-Key: your-api-key-here"Header Name
| Header | Value |
|---|---|
X-API-Key | Your API key |
Example Request
bash
# Create a photo request
curl -X POST "https://api.visio.now/v1/photo-requests" \
-H "X-API-Key: vsk_live_abc123..." \
-H "Content-Type: application/json" \
-d '{
"instructions": "Please send photos of the vehicle",
"photo_slots": [
{"instructions": "Front view", "is_required": true},
{"instructions": "Rear view", "is_required": true}
]
}'Managing API Keys
View Keys
The API Keys list shows:
- Key name
- Masked key (partial display)
- Active/inactive status
- Last used date
- Creation date
Edit Key
- Click the edit icon
- Update the name
- Toggle active status
- Save changes
Deactivate Key
Temporarily disable a key:
- Click Deactivate on the key
- Confirm the action
- Key immediately stops working
Activate Key
Re-enable a deactivated key:
- Click Activate on the key
- Confirm the action
- Key works again immediately
Regenerate Key
Create a new key value:
- Click Regenerate
- Confirm the action (old key stops working)
- Copy the new key immediately
Immediate Invalidation
Regenerating invalidates the old key instantly. Update all integrations before regenerating.
Delete Key
Permanently remove a key:
- Click Delete
- Confirm the action
- Key is permanently removed
API Key Format
Keys follow this format:
vsk_[environment]_[random-string]| Prefix | Environment |
|---|---|
vsk_live_ | Production |
vsk_test_ | Testing |
Security Best Practices
Key Storage
- Store in environment variables
- Use secrets management systems
- Never commit to version control
- Don't include in client-side code
Key Rotation
- Rotate keys periodically
- Rotate immediately if compromised
- Use short-lived keys for testing
Access Control
- Create separate keys per integration
- Use descriptive names
- Monitor key usage
- Deactivate unused keys
What NOT to Do
- Share keys in emails
- Post keys in chat/Slack
- Include in URLs
- Store in plain text files
Rate Limiting
API requests are rate-limited:
| Limit | Value |
|---|---|
| Per minute | 60 requests |
| Per hour | 1,000 requests |
Rate Limit Headers
Responses include:
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 45
X-RateLimit-Reset: 1609459200Exceeded Limit
When exceeded:
- HTTP 429 response
- Retry after indicated time
- Implement exponential backoff
Troubleshooting
401 Unauthorized
Causes:
- Invalid API key
- Key is deactivated
- Key was deleted/regenerated
- Missing header
Solutions:
- Verify key is correct
- Check key is active
- Regenerate if needed
403 Forbidden
Causes:
- Key doesn't have permission
- Feature not in plan
- Workspace restrictions
Solutions:
- Check plan features
- Verify key ownership
- Contact support
Key Not Showing
If you lost your key:
- The original cannot be retrieved
- Regenerate to get a new one
- Update all integrations
Key Limits
Per Plan
| Plan | Max API Keys |
|---|---|
| Professional | 5 keys |
| Enterprise | Unlimited |
Recommendations
- Production: 1 key per integration
- Development: Separate testing keys
- CI/CD: Dedicated deployment key
Related Pages
- API Reference - Full API documentation
- Webhooks - Real-time notifications
- Integrations - Pre-built integrations