Authentication

All API endpoints require an API key passed in the X-API-KEY header.

Getting Your API Key

Sign up or log in at app.vcm.fyi
Upgrade to a Pro or Enterprise plan
Go to Settings > API
Click Generate New Key and give it a name
Copy the key — it’s shown only once

Your key looks like: vcm_live_a1b2c3d4e5f6g7h8i9j0k1l2...

Using Your Key

Include the key in every request via the X-API-KEY header:

curl -H "X-API-KEY: vcm_live_your_key_here" \
  "https://api.vcm.fyi/v1/projects/"

import requests

headers = {"X-API-KEY": "vcm_live_your_key_here"}
response = requests.get(
    "https://api.vcm.fyi/v1/projects/",
    headers=headers
)

const response = await fetch("https://api.vcm.fyi/v1/projects/", {
  headers: { "X-API-KEY": "vcm_live_your_key_here" },
});

Error Responses

Status	Error	Meaning
401	`missing_api_key`	No `X-API-KEY` header provided
401	`invalid_api_key`	Key doesn’t match any active key
401	`revoked_api_key`	Key has been revoked — generate a new one
401	`expired_api_key`	Key has expired — generate a new one
403	`upgrade_required`	API access requires a Pro or Enterprise plan

Key Management

You can manage your keys programmatically via the API:

GET /v1/api-keys/ — List your keys
POST /v1/api-keys/ — Create a new key
DELETE /v1/api-keys/{id} — Revoke a key
GET /v1/api-keys/usage — View usage stats

Security Best Practices

Never expose keys in client-side code — only use them server-side
Don’t commit keys to git — use environment variables
Rotate keys regularly — create a new key and revoke the old one
Use separate keys for dev/prod — makes it easy to revoke if needed
You can have up to 5 active keys at a time

Getting Started

​Authentication

​Getting Your API Key

​Using Your Key

​Error Responses

​Key Management

​Security Best Practices