Authentication
Vantage uses API keys to authenticate requests. Include your key in the Authorization header with every request.
API Keys
Getting Your Key
- Go to Settings → API
- Click Create API Key
- Give it a name (e.g., “Zapier Integration”)
- Copy the key immediately
API keys are shown once. If you lose it, create a new one. You cannot retrieve existing keys.
Key Types
| Type | Prefix | Purpose |
|---|---|---|
| Live | vnt_sk_live_ | Production use |
| Test | vnt_sk_test_ | Development/testing |
Test keys work identically but operate in test mode. No real data is affected.
Using Your Key
Include the key in the Authorization header:
curl https://api.govantage.co/v1/clients \
-H "Authorization: Bearer vnt_sk_live_xxxxx"Examples
curl https://api.govantage.co/v1/clients \
-H "Authorization: Bearer vnt_sk_live_xxxxx" \
-H "Content-Type: application/json"Key Permissions
API keys inherit the permissions of the user who created them:
| User Role | API Access |
|---|---|
| Owner | Full access |
| Admin | Full access |
| Manager | Their team’s data |
| Member | Their own data |
Create a dedicated service account for API integrations. This makes it easy to audit API usage.
Key Management
Viewing Keys
See all keys in Settings → API:
- Key name
- Created date
- Last used
- Created by
Revoking Keys
To revoke a key:
- Go to Settings → API
- Find the key
- Click Revoke
- Confirm
Revoked keys stop working immediately.
Rotating Keys
To rotate without downtime:
- Create new key
- Update your integration
- Verify new key works
- Revoke old key
Security Best Practices
Do
- Store keys in environment variables
- Use test keys for development
- Rotate keys periodically
- Use minimal permissions needed
Don’t
- Commit keys to version control
- Share keys via email or chat
- Use live keys in development
- Give one key to multiple services
If you suspect a key is compromised, revoke it immediately and create a new one.
Environment Variables
Store keys safely:
# .env file
VANTAGE_API_KEY=vnt_sk_live_xxxxx// Usage
const apiKey = process.env.VANTAGE_API_KEY;Authentication Errors
| Status | Code | Meaning |
|---|---|---|
| 401 | unauthorized | Missing or invalid key |
| 403 | forbidden | Key lacks permission |
Missing Key
{
"error": {
"code": "unauthorized",
"message": "No API key provided"
}
}Invalid Key
{
"error": {
"code": "unauthorized",
"message": "Invalid API key"
}
}Insufficient Permissions
{
"error": {
"code": "forbidden",
"message": "API key does not have access to this resource"
}
}OAuth
For apps that need to act on behalf of users, OAuth 2.0 support is on the roadmap:
- Authorization code flow
- Granular scopes
- Token refresh
Contact us at legal@govantage.co if you need OAuth access for your integration.
Next Steps
- API Introduction - Endpoint overview
- Rate Limits - Usage limits
- Error Handling - Handle errors