Authentication
The VIN Decoder API supports two authentication methods: Token Authentication and API Key Authentication. Choose the method that best fits your use case.
Token Authentication
Token authentication is tied to your user account and is automatically generated when you sign up. This method is ideal for personal projects and testing.
How to use:
Include your token in the Authorization header:
Authorization: Token your-token-here
Example Request:
curl -X POST https://api.vinreveal.com/api/v1/decode \
-H "Authorization: Token your-token-here" \
-H "Content-Type: application/json" \
-d '{"vin": "WAUAFAFL1DN015882"}'
Pros
- Automatically generated on signup
- No additional setup required
- Perfect for testing
- Easy to get started
Cons
- Cannot be regenerated
- Single token per account
- Less secure for production
- Cannot set permissions
API Key Authentication
API keys provide more flexibility and security. You can create multiple keys, set permissions, and revoke them individually. Recommended for production applications.
How to use:
Include your API key in the X-API-Key header:
X-API-Key: your-api-key-here
Example Request:
curl -X POST https://api.vinreveal.com/api/v1/decode \
-H "X-API-Key: your-api-key-here" \
-H "Content-Type: application/json" \
-d '{"vin": "WAUAFAFL1DN015882"}'
Pros
- Create multiple keys
- Can be regenerated
- Set custom permissions
- Better for production
- Individual key revocation
- Usage tracking per key
Cons
- Requires manual creation
- Additional management needed
Authentication Comparison
| Feature | Token Authentication | API Key Authentication |
|---|---|---|
| Setup Required | None | Manual creation |
| Multiple Credentials | No | Yes |
| Can Regenerate | No | Yes |
| Custom Permissions | No | Yes |
| Usage Tracking | Account level | Per key |
| Best For | Testing & Development | Production Applications |
Security Best Practices
Important Security Guidelines
- Never expose credentials in client-side code - API calls should be made from your backend
- Use environment variables - Store credentials in environment variables, not in code
- Rotate keys regularly - Create new API keys periodically and revoke old ones
- Use HTTPS only - Always make requests over HTTPS
- Implement rate limiting - Protect your quota by implementing client-side rate limiting
- Monitor usage - Regularly check your usage statistics for anomalies
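A backend client that applies the guidelines above, as an added example that is not VinReveal's own code. The key is read from an environment variable (the name VINREVEAL_API_KEY is an assumption), plain-HTTP URLs are rejected before any credential is attached, and a client-side limiter guards the quota.

```python
import json
import os
import time
import urllib.request
from urllib.parse import urlsplit

API_URL = "https://api.vinreveal.com/api/v1/decode"  # endpoint from this page
KEY_ENV = "VINREVEAL_API_KEY"  # assumed variable name, not defined by the API


class RateLimiter:
    """Client-side limiter: at most `rate` calls per `per` seconds (sliding window)."""

    def __init__(self, rate, per, clock=time.monotonic):
        self.rate, self.per, self.clock = rate, per, clock
        self.calls = []

    def allow(self):
        now = self.clock()
        # Forget calls that have aged out of the window.
        self.calls = [t for t in self.calls if now - t < self.per]
        if len(self.calls) >= self.rate:
            return False
        self.calls.append(now)
        return True


def build_request(vin, url=API_URL, env=os.environ):
    """Build the decode request; fail closed on plain HTTP or a missing key."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    key = env.get(KEY_ENV)
    if not key:
        raise RuntimeError(f"{KEY_ENV} is not set")
    body = json.dumps({"vin": vin}).encode()
    headers = {"X-API-Key": key, "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body, headers=headers, method="POST")


def decode(vin, limiter, opener=urllib.request.urlopen):
    """Send one request if the limiter allows it; return parsed JSON or None."""
    if not limiter.allow():
        return None  # caller should back off instead of spending quota
    with opener(build_request(vin), timeout=10) as resp:
        return json.load(resp)
```

The `opener` and `clock` parameters exist so the client can be exercised without network access or real delays.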
Authentication Errors
Common authentication errors and how to resolve them:
| Error Code | Message | Solution |
|---|---|---|
| 401 | Authentication credentials were not provided | Include the Authorization or X-API-Key header |
| 401 | Invalid token | Check that your token is correct and properly formatted |
| 403 | Invalid API key | Verify your API key is correct and active |
| 403 | API key has been deactivated | The API key has been revoked. Create a new one |
Need Help?
If you're having trouble with authentication:
- Ensure you're using the correct header format
- Verify your credentials in your account settings
- Try the interactive API explorer at Swagger UI
- Contact support at support@vinreveal.com