Authentication

VKRA uses industry-standard authentication patterns to ensure that your requests are secure and that your usage is properly tracked.

API Key Authentication

Most requests to the VKRA API are authenticated using an API key. This key should be included in the x-api-key header of every request.

Header Format

Obtaining an API Key

You can manage your API keys in the VKRA Dashboard.

1. Navigate to the API Keys section.
2. Click Create New Key.
3. Assign a name to the key (e.g., "Production Bot").
4. Copy the full key immediately. For security, we only show it once.

Bearer Token Authentication (Dashboard Only)

For internal dashboard operations or when using our administrative endpoints, we use Bearer tokens (JWT). These are typically handled automatically by our official dashboard frontend.

Header Format

Security Best Practices

To keep your VKRA account and data secure, follow these best practices:

• Keep Your API Keys Secret: Never share your API keys or commit them to version control (e.g., GitHub). Use environment variables to manage your keys.
• Rotate Keys Regularly: Periodically rotate your API keys to minimize the impact of a potential leak.
• Use Scoped Keys: Use different API keys for different environments (e.g., one for development and another for production).
• Monitor Usage: Regularly check your usage dashboard for any unexpected activity.

Rate Limiting

API rate limits are applied per API key. We include rate limit information in the response headers of every request.

If you exceed the rate limit, the API will return a 429 Too Many Requests error.