Authentication
The Vexutopia API uses API keys to authenticate requests. This guide covers how to obtain, use, and secure your API keys.
API Key Types
Vexutopia provides two types of API keys for different environments:
Use test keys during development. No real transactions are processed.
vex_test_...Use live keys in production. Real transactions are processed.
vex_live_...Getting Your API Keys
- 1Sign in to your Vexutopia dashboard
- 2Navigate to API Keys in the sidebar
- 3Click "Create API Key" and choose the key type (Test or Live)
- 4Copy your key immediately - it won't be shown again
Using Your API Key
Include your API key in the Authorization header as a Bearer token with every request:
curl https://api.vexutopia.com/v1/payments \
-H "Authorization: Bearer vex_test_your_api_key" \
-H "Content-Type: application/json"const response = await fetch('https://api.vexutopia.com/v1/payments', {
headers: {
'Authorization': 'Bearer vex_test_your_api_key',
'Content-Type': 'application/json'
}
});
const data = await response.json();Required Headers
| Parameter | Type | Description |
|---|---|---|
Authorizationrequired | string | Bearer token with your API key. Format: Bearer vex_test_xxx or Bearer vex_live_xxx |
Content-Typerequired | string | Must be application/json for requests with a body |
Authentication Errors
If authentication fails, you'll receive one of these errors:
No API key provided or the Authorization header is malformed.
{
"error": {
"code": "unauthorized",
"message": "No API key provided"
}
}The API key is invalid or has been revoked.
{
"error": {
"code": "invalid_api_key",
"message": "The API key provided is invalid"
}
}Security Best Practices
Keep keys secret
Never expose API keys in client-side code, public repositories, or share them in plain text.
Use environment variables
Store API keys in environment variables, not in your codebase.
# .env.local
VEXUTOPIA_API_KEY=vex_live_your_api_keyUse test keys for development
Always use test keys during development to avoid processing real transactions.
Rotate keys regularly
Create new keys periodically and revoke old ones to maintain security.