https://api.velobase.io/v1 and bill every model call to an end-customer’s wallet. It is also a billing ledger (freeze, consume, deduct) for work you price yourself. Both surfaces share the same API keys.
Velobase uses API keys to authenticate requests. You can create and manage API keys from your dashboard under the Keys section of any project.
Bearer Token
Provide your API key in theAuthorization HTTP header using the Bearer scheme.
Example Request
To verify a key is working, call an authenticated endpoint such asGET /v1/models. (The unauthenticated /health endpoint does not require a key.)
Key Types
Velobase issues two kinds of API keys, distinguished by their prefix:- Project key (
vb_live_): A server-side key for your backend. It is not bound to any single customer, so billable requests must name the customer to charge with theX-Velobase-Customer: <user-id>header. - Customer-scoped key (
vb_customer_): A key bound to one of your customers. It carries its own customer binding, so no header is needed. These keys can be restricted to anallowedModelswhitelist and given anexpiresAt.
Non-billable endpoints like
GET /v1/models do not require a customer. Billable endpoints (such as /v1/chat/completions and /v1/messages) need a resolvable customer, from the header or the key binding, or they return a 400.Key Scoping
- Project Isolation: Every API key is scoped to a specific project. An API key created in Project A cannot access customers in Project B.
- Roll and Revoke: You can revoke an API key at any time from the dashboard if you suspect it has been compromised. Requests using a revoked key will immediately start failing with an
api_key_revokederror.
Authentication Errors
If your request cannot be authenticated, Velobase returns a401 Unauthorized status code.
| Error Code | Reason |
|---|---|
missing_api_key | The Authorization header is missing. |
invalid_api_key | The provided key is malformed, incorrect, or belongs to a deleted project. |
api_key_revoked | The key has been manually revoked in the dashboard. |