Jump to
Authentication
All Vectorly API endpoints require authentication using service tokens via Bearer token authentication.
Getting a service token
To use the Vectorly API, you need a service token. Create an account and generate a service token from the Vectorly console.
Get service tokenOnce you have an account, you can create and manage service tokens from the Vectorly console.
Overview
The Vectorly API uses service token authentication. Include your service token in the X-Service-Token header with every request.
Keep your service tokens secret. Never commit them to version control or expose them in client-side code.
Making authenticated requests
Header format
X-Service-Token: YOUR_SERVICE_TOKENExample
cURLError responses
401 Unauthorized
Returned when the service token is missing, invalid, expired, or revoked.
JSONCommon issues:
- Missing
X-Service-Tokenheader - Expired or revoked service token
- Invalid service token format
- Service token not generated from https://console.vectorly.app
Security best practices
- Keep service tokens secret: Never commit service tokens to version control. Use environment variables or secure secret management systems.
- Use environment variables:
export VECTORLY_SERVICE_TOKEN="your-service-token-here" - Server-side only: Never use service tokens in client-side JavaScript. Service tokens should only be used in secure server environments.
- Rotate tokens regularly: Regularly rotate service tokens for security. Generate a new token from the console, update integrations, then revoke the old token.