VexSolver

Authentication

Every API call must include your API key.

The X-API-Key header

VexSolver uses a simple header-based authentication. Include your key in the X-API-Key header on every request. We do not accept Authorization: Bearer.

curl -H "X-API-Key: sk_live_..." \
     https://api.vexsolver.com/api/health

Key format

Keys begin with the prefix sk_live_ followed by 64 hex characters. They are generated via crypto/rand at account creation and stored as opaque tokens.

Failed authentication

If your key is missing or invalid:

HTTP/1.1 401 Unauthorized
Content-Type: application/json

{"success":false,"error":"missing X-API-Key header"}

Rotating your key

Visit your Dashboard and click "Regenerate". The old key is invalidated immediately. Update your integrations before rotating.

Never commit your API key to version control. Use environment variables, secret managers, or .env files that are gitignored.