Authentication
How to authenticate with the VantageKit API using API keys.
All API requests require authentication via an API key. Keys are scoped to your team and provide read-only access to your deal rooms, documents, links, viewers, and analytics.
API key format
Keys follow the format vk_live_ followed by 32 alphanumeric characters:
vk_live_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345The vk_live_ prefix identifies VantageKit API keys and helps prevent accidental leaks in code review tools and secret scanners.
Passing your key
Use either of these methods — both are equivalent:
curl https://api.vantagekit.com/v1/deal-rooms \
-H "X-API-Key: vk_live_YOUR_API_KEY"Scopes
API keys currently support the read scope, which grants read-only access to all v1 endpoints. Write scopes will be added in a future API version.
Key lifecycle
| Action | How |
|---|---|
| Create | Settings > API Keys > Create API Key |
| View prefix | The first 8 characters (after vk_live_) are shown for identification |
| Revoke | Settings > API Keys > click the delete icon on any key |
| Expiration | Keys do not expire by default. Set an expiration date at creation time if needed. |
Your team can have up to 5 API keys on the Scale plan.
Security best practices
Keep your keys safe
Store keys in environment variables, never in source code. If a key is compromised, revoke it immediately in Settings > API Keys.
- Rotate keys periodically — revoke old keys and create new ones
- Use separate keys for separate integrations so you can revoke individually
- Monitor the "Last used" column in Settings to identify unused keys
Error responses
| Error code | HTTP status | Meaning |
|---|---|---|
unauthorized | 401 | Key is missing, malformed, not found, revoked, or expired |
forbidden | 403 | Key lacks the required scope for this endpoint |
payment_required | 402 | Your plan does not include API access |
rate_limit | 429 | Too many requests — see Rate Limiting |