Cloud API
API Keys
Manage your VisionPipe API keys for server-side integration.
API Keys
Manage your VisionPipe API keys for server-side integration.
Creating an API Key
- Sign in at visionpipe.com/login
- Navigate to Cloud Console → API Keys
- Click Add Key
- Enter a descriptive name (e.g., "Production", "Development")
- Click Create Key
- Copy your key immediately - you won't be able to see it again
Key Format
API keys use the format:
vp_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxvp_live_- Prefix identifying VisionPipe keys- 64 hex characters - Cryptographically random identifier
Security
Hashed Storage
For your security, we only store a SHA-256 hash of your API key. This means:
- We cannot retrieve your key if you lose it
- Even if our database is compromised, your keys are safe
- You must copy the key when it's first displayed
Best Practices
- Never commit keys to git - Use environment variables
- Use different keys for development and production
- Rotate keys periodically - Delete old keys and create new ones
- Delete unused keys - Reduce attack surface
Using Your API Key
HTTP Header (Recommended)
Include your API key in the Authorization header with the Bearer prefix:
Authorization: Bearer YOUR_API_KEYEnvironment Variables
# .env
VISIONPIPE_API_KEY=vp_live_xxxx...
# Node.js
const apiKey = process.env.VISIONPIPE_API_KEY;API Endpoints
Create Playground Session
Generate a playground session URL that can be shared or embedded. This endpoint deducts 1 credit from your account.
Request:
curl -X POST https://visionpipe3d.quochuy.dev/api/v1/sessions \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"Response:
{
"success": true,
"credits": 2,
"playgroundUrl": "https://visionpipe3d.quochuy.dev/playground?token=eyJ...",
"token": "eyJ...",
"expiresIn": 86400
}| Field | Description |
|---|---|
success | Whether the session was created successfully |
credits | Remaining credits after deduction |
playgroundUrl | Full URL to access the playground session |
token | JWT token (valid for 24 hours by default) |
expiresIn | Token expiration time in seconds |
Error Responses:
| Status | Error | Description |
|---|---|---|
| 401 | Missing or invalid Authorization header | API key not provided |
| 401 | Invalid API key format | Key doesn't match expected format |
| 401 | Invalid API key | Key not found or deleted |
| 402 | Insufficient credits | No credits remaining |
Example (Node.js):
const response = await fetch('https://visionpipe3d.quochuy.dev/api/v1/sessions', {
method: 'POST',
headers: {
'Authorization': `Bearer ${process.env.VISIONPIPE_API_KEY}`,
'Content-Type': 'application/json',
},
});
const data = await response.json();
console.log('Playground URL:', data.playgroundUrl);Use Cases:
- Generate shareable demo links for clients
- Embed playground in your own application via iframe
- Programmatically create sessions for users
Managing Keys
View Keys
Go to API Keys to see all your keys with:
- Key name
- Key prefix (first 12 characters)
- Last used date
- Created date
Delete Keys
Click Delete next to any key to revoke it immediately. Deleted keys:
- Cannot be used for new requests
- Are soft-deleted for audit compliance
- Cannot be recovered
Audit Logging
All key operations are logged for security:
- Key creation (with IP address)
- Key deletion (with IP address)
- Key usage (last used timestamp)
These logs are available for 90 days and can be requested for compliance purposes.