Skip to main content
Vook authenticates every API request using API keys passed as Bearer tokens in the Authorization header. There are no sessions, cookies, or OAuth flows to manage — every request is stateless and self-contained. As long as your API key is valid and included in the request, Vook will process it. If the key is missing or incorrect, the request is rejected immediately with a clear error response.

Getting Your API Key

You generate and manage your API keys from the Vook dashboard. Follow these steps to get your first key.
1

Sign in to your dashboard

Go to app.vook.ai and sign in with your Vook credentials.
2

Open API Keys settings

Click on your account avatar or name in the top-right corner, then navigate to Settings → API Keys.
3

Generate a new key

Click Generate New Key, enter a descriptive name for the key (for example, production-app or dev-local), and confirm. Your new API key will appear on screen.
4

Copy and store it securely

Copy your API key immediately. For security reasons, Vook will only display the full key once. Store it in a secure location such as a password manager, a secrets manager, or a local .env file that is not committed to source control.
Never share your API key with anyone or expose it in public repositories, client-side code, or logs. If you believe a key has been compromised, revoke it immediately from Settings → API Keys and generate a replacement.

Using Your API Key

Pass your API key in the Authorization header of every request using the Bearer scheme. The examples below show how to do this in the most common HTTP clients. 
curl https://api.vook.ai/v1/ \
  -H "Authorization: Bearer YOUR_API_KEY"
Replace YOUR_API_KEY in every example with the actual key you generated from the Vook dashboard. Never hard-code keys directly in source files — use environment variables instead (see the security guidelines below).

API Key Security

Keeping your API keys secure is your responsibility. Follow these best practices to protect your keys and limit the blast radius if one is ever exposed. Use environment variables Store your API key in an environment variable instead of hard-coding it in your source code. For example: 
export VOOK_API_KEY="your_api_key_here"
Then read it in your application at runtime: 
import os
import requests

api_key = os.environ.get("VOOK_API_KEY")
headers = {"Authorization": f"Bearer {api_key}"}
Don’t commit keys to source control Add .env files and any file that might contain secrets to your .gitignore. Treat a committed API key as compromised — revoke it immediately and rotate to a new one. Rotate keys regularly Even if a key hasn’t been exposed, it’s good practice to rotate API keys on a regular schedule. You can generate a new key from the dashboard and update your environment variables without any downtime. Use separate keys per environment Create a distinct API key for each environment (development, staging, production). This limits the impact of a compromised key and makes it easy to revoke access to a single environment without affecting others.

Authentication Errors

When a request fails due to an authentication problem, Vook returns a standard HTTP error status code along with a JSON error body. The table below describes the authentication-related error codes you may encounter.
Status CodeNameMeaning
401 UnauthorizedMissing or invalid API keyYour request did not include an Authorization header, the header was malformed, or the API key does not exist. Check that you are passing the header as Authorization: Bearer YOUR_API_KEY.
403 ForbiddenValid key, insufficient permissionsYour API key was recognized but does not have permission to access the requested resource. This can happen if the key was scoped to specific endpoints or if your account lacks access to a feature.
A typical error response looks like this: 
{
  "error": {
    "code": 401,
    "message": "Unauthorized: missing or invalid API key."
  }
}
If you continue to see 401 errors after double-checking your key, try generating a new key from the dashboard. It’s possible the original key was revoked or expired. Contact Vook support if the problem persists.