Authentication
Generating API Keys
The Vellum API uses API keys to authenticate requests. You can view and manage your API keys in the Vellum here.
Environment-Scoped API Keys: API keys are scoped to specific Environments (i.e. Development, Staging, Production). When you make an API call, it performs actions within the context of the Environment from which the API key was created. Make sure to use the appropriate API key for each Environment.
Rotating API Keys
API Keys can be created from the Workspace Settings page.
To rotate your API key:
- Select the appropriate Environment using the Environment picker
- Create a new API key in the Workspace Settings
- Update your applications to use the new API key
- Delete the old API key
Each Environment maintains its own set of API keys. You’ll need separate API keys for each of your environments (e.g. Development, Staging, and Production) to ensure proper isolation.
Authentication
Authentication is performed using headers. You should include your API key as the value associated with the X_API_KEY
header in your requests.
Note that all API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
API Key Best Practices
The API keys you generate should be treated like passwords. Do not share your API keys in publicly accessible areas such as GitHub, client-side code, etc.