Authentication

All /api/v1/* endpoints require an API key sent in the Authorization header as a Bearer token. No cookies, no session, just the key.

http
Authorization: Bearer yvt_live_...

Getting a key

  1. Sign in and visit your API keys page.
  2. Click Generate API key.
  3. Copy the plaintext key immediately. It is shown exactly once.

One key per account

Each account has one active API key. Regenerate it to rotate credentials. The previous key stops working immediately.

Authentication errors

Auth failures always return 401 unauthorized. The message deliberately does not distinguish between a key that never existed and a key that was revoked.

SentResponse
No Authorization header401 unauthorized: Missing API key
Authorization without Bearer prefix401 unauthorized: Missing API key
Bearer token not starting with yvt_live_401 unauthorized: Invalid API key
Unknown or revoked key401 unauthorized: Invalid API key

These 401s do not carry the X-RateLimit-* headers because rate limits apply only after authentication succeeds.

Storage tips

  • Treat the key like a password.
  • Inject via environment variable (YVT_API_KEY), never commit it to source control.
  • If you suspect a leak, regenerate immediately. The old key stops working on the next request.

We use Google Analytics cookies and note which site referred you, so we know how people find us. Nothing personal, nothing sold. See our Privacy Policy.