Skip to main content

API Keys

All API requests (except /health) require authentication using an API key. API keys are tied to your VibePeak account and grant access based on your subscription plan.

Getting an API Key

  1. Log in to your VibePeak Dashboard
  2. Navigate to SettingsAPI
  3. Click Create API Key
  4. Give your key a descriptive name (e.g., “Production”, “Development”)
  5. Copy and securely store your key
Your API key is only shown once. Store it immediately in a secure location like a password manager or environment variable. If you lose it, you’ll need to create a new one.

API Key Format

VibePeak API keys follow this format: 
vpk_live_aBcDeFgHiJkLmNoPqRsTuVwXyZ123456
  • vpk_live_ - Prefix identifying it as a VibePeak live API key
  • aBcDeFgHiJkLmNoPqRsTuVwXyZ123456 - Random unique identifier

Using Your API Key

Include your API key in the Authorization header of every request: 
Authorization: Bearer vpk_live_xxxxx

Example Request

curl https://api.vibepeak.ai/v1/tasks/task_abc123 \
  -H "Authorization: Bearer vpk_live_xxxxx"

Authentication Errors

Error CodeHTTP StatusDescription
MISSING_API_KEY401No API key provided in the request
INVALID_API_KEY401The API key is malformed or doesn’t exist
API_KEY_REVOKED401The API key has been revoked
API_KEY_EXPIRED401The API key has expired
PLAN_REQUIRED403Your plan doesn’t include API access

Example Error Response

{
  "error": {
    "code": "INVALID_API_KEY",
    "message": "The provided API key is invalid or has been revoked",
    "request_id": "req_abc123xyz"
  }
}

Security Best Practices

API keys should only be used in server-side code. Never include them in:
  • JavaScript running in the browser
  • Mobile app code
  • Public repositories
  • Frontend environment variables
Store your API key in environment variables rather than hardcoding:
# .env file (never commit this!)
VIBEPEAK_API_KEY=vpk_live_xxxxx

// Node.js
const apiKey = process.env.VIBEPEAK_API_KEY;
Rotate your API keys periodically and immediately if you suspect compromise. You can create a new key and revoke the old one from your dashboard.
Create separate API keys for development and production. This limits the impact if a key is compromised.

Managing API Keys

Viewing Keys

From your API settings, you can see:
  • Key name and creation date
  • Key prefix (first 8 characters)
  • Last used timestamp
  • Revocation status
For security, the full API key is never shown after creation.

Revoking Keys

To revoke an API key:
  1. Go to SettingsAPI
  2. Find the key you want to revoke
  3. Click the Revoke button
  4. Confirm the action
Revoked keys immediately stop working. Any requests using them will receive a 401 error.

Plan Requirements

API access requires a Plus or Pro plan.
PlanAPI AccessConcurrent Tasks
Free-
Starter-
Plus1
Pro3
If you’re on Free or Starter, you’ll receive this error: 
{
  "error": {
    "code": "PLAN_REQUIRED",
    "message": "API access requires a Plus or Pro plan. Please upgrade your subscription.",
    "details": {
      "current_plan": "Free",
      "required_plans": ["Plus", "Pro"]
    }
  }
}

Upgrade your plan

Get API access by upgrading to Plus or higher