Overview
The Vepler API uses API key authentication for all requests. You must include your API key in the x-api-key header of every request.
Keep your API keys secure! Never expose them in client-side code or public repositories.
Obtaining API Keys
Navigate to API Keys
Go to Settings → API Keys in your dashboard
Generate New Key
Click “Create New Key” and give it a descriptive name
Copy & Secure
Copy your key immediately - it won’t be shown again
Authentication Methods
API Key Authentication
Include your API key in the x-api-key header:
import { Vepler } from 'vepler-sdk';
const vepler = new Vepler({
apiKey: 'vpr_live_abc123...'
});
API Key Types
Production Environment
- Prefix:
vpr_live_
- Access to real data
- Counted against quota
- Full rate limits
vpr_live_sk_1234567890abcdef
Security Best Practices
Never hardcode API keys. Use environment variables:// ❌ Don't do this
const apiKey = 'vpr_live_sk_1234567890';
// ✅ Do this instead
const apiKey = process.env.VEPLER_API_KEY;
VEPLER_API_KEY=vpr_live_sk_1234567890
VEPLER_ENVIRONMENT=production
Rotate your API keys regularly:
- Generate new key in dashboard
- Update your application
- Verify new key works
- Delete old key
// Support key rotation with fallback
const primaryKey = process.env.VEPLER_API_KEY;
const fallbackKey = process.env.VEPLER_API_KEY_OLD;
try {
const vepler = new SDK({ apiKey: primaryKey });
await vepler.health.check();
} catch (error) {
// Fallback to old key temporarily
const vepler = new SDK({ apiKey: fallbackKey });
console.warn('Using fallback API key');
}
Restrict API keys to specific IP addresses:{
"name": "Production Server Key",
"type": "restricted",
"whitelist": [
"203.0.113.0/24",
"198.51.100.42"
]
}
Create keys with minimal required permissions:// Create a read-only key
const restrictedKey = await vepler.admin.createApiKey({
name: 'Read-Only Key',
scopes: ['property:read', 'epc:read'],
expiresIn: '30d'
});
Error Handling
Handle authentication errors gracefully:
try {
const property = await vepler.property.get('UK-123');
} catch (error) {
if (error.code === 'AUTH_INVALID_KEY') {
console.error('Invalid API key');
} else if (error.code === 'AUTH_EXPIRED_KEY') {
console.error('API key has expired');
} else if (error.code === 'AUTH_RATE_LIMIT') {
console.error('Rate limit exceeded');
}
}
Authentication Errors
| Error Code | Description | Solution |
|---|
401 | Invalid or missing API key | Check your API key is correct |
403 | Insufficient permissions | Upgrade plan or request access |
429 | Rate limit exceeded | Implement exponential backoff |
498 | Expired token | Generate a new API key |
Testing Authentication
Verify your setup with the health endpoint:
import { Vepler } from 'vepler-sdk';
const vepler = new Vepler({
apiKey: process.env.VEPLER_API_KEY
});
// Test with a property lookup
const response = await vepler.property.get('p_0x000123456789');
console.log(response.data);
// { id: 'p_0x000123456789', address: '...', ... }
Multiple Environments
Manage keys for different environments:
const config = {
development: {
apiKey: process.env.VEPLER_API_KEY_DEV,
baseUrl: 'https://sandbox.api.vepler.com'
},
staging: {
apiKey: process.env.VEPLER_API_KEY_STAGING,
baseUrl: 'https://staging.api.vepler.com'
},
production: {
apiKey: process.env.VEPLER_API_KEY_PROD,
baseUrl: 'https://api.vepler.com'
}
};
const environment = process.env.NODE_ENV || 'development';
const vepler = new SDK(config[environment]);
Next Steps
