API Keys Guide
API Keys provide secure authentication for your development tools and programmatic access to VibeXP. Connect Claude Code, Cursor, VS Code, or build custom integrations.
Overview
VibeXP API Keys act as secure tokens that authenticate your tools while accessing your personalized prompts, artifacts, memories, and other productivity features without requiring manual login each time.
Key Benefits
- Seamless Integration: No manual login required for tools
- Enhanced Security: Token-based auth with instant revocation
- Usage Tracking: Monitor when and where keys are used
- Granular Control: Separate keys for different tools
- No Password Exposure: Main account credentials stay secure
Creating API Keys
Step-by-Step
- Log into app.vibexp.io
- Navigate to Settings → API Keys
- Click Create New API Key
- Enter details:
- Name: Descriptive name (e.g., "Work Laptop - Cursor")
- Description: Optional notes about usage
- Click Create
- IMMEDIATELY COPY THE KEY - it's only shown once
API keys are displayed only once during creation. Copy and save the key immediately. If you lose it, you'll need to create a new one.
Key Format
VibeXP API keys follow this format:
vib_1234567890abcdef1234567890abcdef1234567890abcdef1234567890ab
- Prefix:
vib_identifies it as a VibeXP key - Token: 64-character random string
- Hashing: Stored as SHA-256 hash for security
Using API Keys
With MCP Integration
Configure your AI tools to use the API key:
Claude Code CLI:
claude mcp add --transport http vibexp_io_common \
https://api.vibexp.io/mcp/v1/common \
--header "Authorization: Bearer vib_YOUR_API_KEY_HERE"
Cursor IDE:
{
"mcpServers": {
"vibexp_io_common": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-http"],
"env": {
"MCP_HTTP_URL": "https://api.vibexp.io/mcp/v1/common",
"MCP_HTTP_HEADERS": "Authorization: Bearer vib_YOUR_API_KEY_HERE"
}
}
}
}
VS Code:
{
"mcp.servers": {
"vibexp_io_common": {
"url": "https://api.vibexp.io/mcp/v1/common",
"headers": {
"Authorization": "Bearer vib_YOUR_API_KEY_HERE"
}
}
}
}
With REST API
Include the API key in the Authorization header:
curl -H "Authorization: Bearer vib_YOUR_API_KEY_HERE" \
https://api.vibexp.io/api/v1/prompts
With Custom Applications
// Node.js example
const axios = require('axios');
const client = axios.create({
baseURL: 'https://api.vibexp.io/api/v1',
headers: {
'Authorization': 'Bearer vib_YOUR_API_KEY_HERE'
}
});
// Fetch prompts
const prompts = await client.get('/prompts');
# Python example
import requests
headers = {
'Authorization': 'Bearer vib_YOUR_API_KEY_HERE'
}
response = requests.get(
'https://api.vibexp.io/api/v1/prompts',
headers=headers
)
prompts = response.json()
Managing API Keys
Viewing Keys
In the API Keys dashboard, you can see:
- Key Name: Your descriptive name
- Prefix: First few characters (e.g.,
vib_1234...) - Created: When the key was generated
- Last Used: Most recent usage timestamp
- Status: Active or Revoked
The full key is never displayed after creation for security reasons.
Revoking Keys
To revoke an API key:
- Go to Settings → API Keys
- Find the key to revoke
- Click Revoke or Delete
- Confirm the action
Immediate Effect: Tools using the revoked key lose access instantly.
Rotating Keys
Periodically rotate keys for security:
- Create a new API key
- Update tool configurations with new key
- Verify new key works
- Revoke old key
Recommended rotation frequency: Every 90 days
Security Best Practices
Storage
✅ Do:
- Store keys in password managers
- Use environment variables in applications
- Keep keys in secure configuration files
- Use secret management services (AWS Secrets Manager, HashiCorp Vault)
❌ Don't:
- Commit keys to version control (Git, SVN)
- Share keys in public channels (Slack, email)
- Store in plain text files
- Include in client-side code
Usage
✅ Do:
- Use descriptive names for keys
- Create separate keys per tool/environment
- Monitor usage regularly
- Rotate keys periodically
- Revoke unused keys immediately
❌ Don't:
- Share keys between team members
- Use production keys in development
- Leave old keys active after rotation
- Use the same key across multiple projects
Organization
By Tool:
Work Laptop - Claude Code
Work Laptop - Cursor
Personal MacBook - VS Code
CI/CD Pipeline - GitHub Actions
By Environment:
Development - Local
Staging - Test Server
Production - Main App
CI/CD - Automated Tests
Monitoring Usage
Usage Dashboard
Track API key activity:
- Last Used: Timestamp of most recent use
- Request Count: Number of API calls
- Tool Type: Which tool is using the key
- Actions: What operations were performed
Unusual Activity
Watch for:
- Keys used from unexpected locations
- Sudden spike in API calls
- Failed authentication attempts
- Usage after hours
If you notice suspicious activity:
- Immediately revoke the key
- Create a new key
- Review recent account activity
- Contact support if necessary
Troubleshooting
"Invalid API Key" Error
Causes:
- Key was revoked or deleted
- Typo in key (extra spaces, missing characters)
- Using wrong environment's key
- Key not properly configured in tool
Solutions:
- Verify key hasn't been revoked in dashboard
- Check for copy-paste errors
- Ensure no extra quotes or spaces
- Create new key if original is lost
"Unauthorized" Error
Causes:
- Trying to access resources you don't own
- Key lacks necessary permissions
- Account suspended or restricted
Solutions:
- Verify you're accessing your own data
- Check account status in dashboard
- Contact support if issue persists
Tool Not Connecting
Causes:
- Incorrect tool configuration
- Network/firewall blocking requests
- Tool not restarted after configuration
- API key format issue
Solutions:
- Double-check configuration syntax
- Restart the tool completely
- Verify network access to api.vibexp.io
- Review tool-specific documentation
Rate Limits
Current Limits
- Free Tier: 1,000 requests/hour
- Pro Tier: 10,000 requests/hour
- Enterprise: Custom limits
When Limit Exceeded
- HTTP 429 (Too Many Requests) returned
- Retry-After header indicates wait time
- Limits reset at top of each hour
Handling Rate Limits
// Implement exponential backoff
async function makeRequestWithRetry(fn, maxRetries = 3) {
for (let i = 0; i < maxRetries; i++) {
try {
return await fn();
} catch (error) {
if (error.response?.status === 429) {
const delay = Math.pow(2, i) * 1000; // Exponential backoff
await new Promise(resolve => setTimeout(resolve, delay));
continue;
}
throw error;
}
}
throw new Error('Max retries exceeded');
}
API Endpoints
Authentication
All API requests require the Authorization header:
Authorization: Bearer vib_YOUR_API_KEY_HERE
Available Endpoints
Prompts:
GET /api/v1/prompts
GET /api/v1/prompts/{id}
POST /api/v1/prompts
PUT /api/v1/prompts/{id}
DELETE /api/v1/prompts/{id}
Artifacts:
GET /api/v1/artifacts
GET /api/v1/artifacts/{project}/{slug}
POST /api/v1/artifacts
PUT /api/v1/artifacts/{project}/{slug}
DELETE /api/v1/artifacts/{project}/{slug}
Memories:
GET /api/v1/memories
GET /api/v1/memories/{id}
POST /api/v1/memories
PUT /api/v1/memories/{id}
DELETE /api/v1/memories/{id}
See full API documentation for detailed endpoint information.
Frequently Asked Questions
How many API keys can I create?
No limit. Create as many keys as needed for your tools and environments.
Can I regenerate a lost API key?
No. If lost, you must create a new key and revoke the old one.
Do API keys expire?
No automatic expiration, but we recommend rotating keys every 90 days for security.
Can I limit what an API key can access?
Currently, API keys have full account access. Scoped permissions are planned for future releases.
Are there different types of API keys?
Currently one type. Future releases may include read-only keys and service-specific keys.
Can I use the same key on multiple machines?
Yes, but we recommend separate keys per machine for better security and tracking.
Related Features
- MCP Server Integration - Use API keys with MCP
- Quick Start - Get started with API keys
- Prompts - Access via API
- Artifacts - Manage via API
- Memory - Interact via API