ViralSlides
All docs
API reference

Authentication

Issue, format, and rotate API keys for ViralSlides.

1 min readLast updated Edit this page

Getting a key

  1. Make sure your organization is on Pro or Business. Free/Starter plans don't have API access.
  2. Open /api-keys in the dashboard.
  3. Click Create new key, give it a memorable name (e.g. "CI pipeline"), and copy the secret. We show it exactly once.
  4. Store it in a secrets manager — we only keep a hashed copy.

Key format

Keys are prefixed with vs_ for greppability. Live keys: vs_live_<32 chars>. Test-mode keys (planned for v1.1): vs_test_<32 chars>. The full string is the credential — there's no separate key id and secret.

text
vs_live_8q3J9k1F2hPzN0xRtTcVwAyEgKbMnQ4Z

Sending the key

Pass the key as a Bearer token on every request:

http
GET /v0/api/v1/apps HTTP/1.1
Host: api.viralslides.app
Authorization: Bearer vs_live_8q3J9k1F2hPzN0xRtTcVwAyEgKbMnQ4Z

Revoking

Revoke a key from /api-keys at any time. Revocation is immediate (no grace period). If you suspect a leak, rotate by creating a new key first, deploying it, then revoking the old one to avoid downtime.

Security best practices

  • Never commit keys to source control. Use environment variables or a secrets manager.
  • Use a separate key per environment (production, staging, CI) so you can rotate independently.
  • Watch /api-keys for last_used_at to spot stale keys you can retire.
  • Server-side only — keys grant full access to your organization. Never ship them in client-side JavaScript or mobile binaries.
Lost a key?

We cannot recover a key once you've closed the reveal modal — only a hashed copy is stored. Revoke the lost key and create a new one.