API Authentication

Learn how to securely authenticate your requests to our API.

Authentication Methods

API Keys

Bearer Token Authentication

Include your API key in the Authorization header of each request:

curl -X GET \
  'https://api.vps-provider.com/v1/instances' \
  -H 'Authorization: Bearer your_api_key_here'

API Key Management

  • • Generate keys in your account dashboard
  • • Set custom permissions per key
  • • Rotate keys regularly
  • • Monitor key usage

OAuth 2.0

Authorization Flow

  1. 1. Register your application
  2. 2. Obtain client credentials
  3. 3. Request authorization code
  4. 4. Exchange code for access token
  5. 5. Use access token in requests

Security Best Practices

Key Security

Do's

  • • Use environment variables
  • • Rotate keys regularly
  • • Use separate keys per service
  • • Monitor key usage

Don'ts

  • • Hardcode keys in code
  • • Share keys between teams
  • • Commit keys to version control
  • • Use production keys in testing

Access Control

Permission Scopes

  • • read:instances - View VPS instances
  • • write:instances - Modify VPS instances
  • • read:billing - View billing information
  • • write:billing - Modify payment methods

Error Handling

Authentication Errors

// Invalid API Key
{
  "error": "unauthorized",
  "message": "Invalid API key provided",
  "status": 401
}

// Insufficient Permissions
{
  "error": "forbidden",
  "message": "Insufficient permissions for this action",
  "status": 403
}

Next Steps

Now that you understand authentication, explore our API endpoints and start building.

View API EndpointsSee Code Examples