Authentication#

All requests to the VPN Signal API require authentication using an API key.

API Key Authentication#

Every request to the /api/v1/check endpoint must include a valid API key in the Authorization header.

Header Format#

Authorization: Bearer YOUR_API_KEY

Example Request#

bash

curl -X POST https://vpnsignal.io/api/v1/check \
  -H "Authorization: Bearer sk_live_abc123..." \
  -H "Content-Type: application/json" \
  -d '{"ip": "1.1.1.1"}'

Warning

Never expose your API key in client-side code. Always make API calls from your server.

Obtaining an API Key#

To get your API key:

Log in to the dashboard
Navigate to API Keys
Click Create New Key
Give your key a descriptive name (e.g., "Production Server" or "Development")
Copy the key immediately - it won't be shown again

Key Properties#

Property	Description
Name	Friendly name for the key
Prefix	First 8 characters (e.g., `sk_live_`)
Created	Timestamp of creation
Last Used	Most recent API call

Revoking Keys#

To revoke a compromised or unused key:

Go to API Keys in the dashboard
Click the delete icon next to the key
Confirm revocation

Important

Revoking a key is immediate and irreversible. Any requests using that key will fail instantly.

Rate Limits#

API keys are subject to rate limits based on your plan:

Plan	Requests/Day	Requests/Second
Free	100	1
Starter	10,000	10
Pro	100,000	50
Enterprise	Unlimited	100

When you exceed your limit, the API returns:

json

{
  "error": "rate_limit_exceeded",
  "message": "Daily request limit exceeded",
  "retry_after": 3600
}

Security Best Practices#

Rotate keys regularly - Create new keys and revoke old ones periodically
Use environment variables - Never hardcode keys in your codebase
Restrict key scope - Use separate keys for development and production
Monitor usage - Check the dashboard for unusual activity
Server-side only - Never expose keys in browser JavaScript

Next Steps#

View the API reference for endpoint details
Understand error codes for proper error handling
Learn about risk scoring