Authentication
Learn how to authenticate your API requests using API keys.
API Key Authentication
The Vexa API uses token-based authentication. All API requests must include an API token in the Authorization header.
Authorization: Bearer YOUR_API_TOKEN
Validate API Key
Check if an API key is valid and get its associated permissions.
GET /v1/auth/validate
curl -X GET "https://api.vexa.ai/v1/auth/validate" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"
Response
{
  "valid": true,
  "permissions": ["read:meetings", "write:meetings"],
  "type": "user_token",
  "expires_at": "2025-03-27T18:30:00Z"
}
Managing API Keys
API keys can be generated and managed through the dashboard at vexa.ai/dashboard/api-keys.
API Key Best Practices
- Never expose your API keys in client-side code or public repositories
- Store API keys in environment variables or a secure key management system
- Rotate your API keys periodically, especially after team member changes
- Use different API keys for different environments (development, staging, production)
- Revoke unused or compromised API keys immediately
Token Types
User Tokens
For client applications and end-user requests. These tokens have limited permissions based on the user's role.
Service Tokens
For internal service-to-service communication. These tokens have elevated permissions and are used for backend services.
Error Responses
401 Unauthorized
{ "error": "unauthorized", "message": "Invalid or missing API token" }
403 Forbidden
{ "error": "forbidden", "message": "Valid token but insufficient permissions" }
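The validation call, the key-handling advice and the error responses above can be combined into a start-up check that refuses to run with a token that is invalid, under-scoped or close to expiry. This is an added example, not code from the Vexa documentation; the environment variable name `VEXA_API_TOKEN`, the seven-day rotation window and the helper names are assumptions.

```python
import json
import os
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone

VALIDATE_URL = "https://api.vexa.ai/v1/auth/validate"  # endpoint documented on this page


def fetch_validation(token):
    """Call the validate endpoint; return (http_status, parsed_json_body)."""
    req = urllib.request.Request(VALIDATE_URL, headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 401 and 403 responses arrive here
        return err.code, json.loads(err.read() or b"{}")


def check_token(status, body, required, now, rotate_within=timedelta(days=7)):
    """Return a list of problems; an empty list means the token is fit for use."""
    if status in (401, 403):
        return [f"{status} {body.get('error')}: {body.get('message')}"]
    if status != 200 or body.get("valid") is not True:
        return [f"token not valid (HTTP {status})"]
    problems = []
    missing = sorted(set(required) - set(body.get("permissions", [])))
    if missing:
        problems.append("missing permissions: " + ", ".join(missing))
    expires = body.get("expires_at")
    if expires:
        expires_at = datetime.fromisoformat(expires.replace("Z", "+00:00"))
        if expires_at <= now:
            problems.append("token expired")
        elif expires_at - now <= rotate_within:  # window length is an assumption
            problems.append(f"token expires within {rotate_within.days} days; rotate it")
    return problems


if __name__ == "__main__":
    token = os.environ["VEXA_API_TOKEN"]  # assumed variable name; the key is never hard-coded
    status, body = fetch_validation(token)
    for problem in check_token(status, body, {"read:meetings"}, datetime.now(timezone.utc)):
        print("WARNING:", problem)
```

Pass only the permissions the calling service actually needs as `required`, so a token that has been issued a narrower scope is caught at start-up instead of surfacing later as a 403.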