🔐 Authentication

Learn how to authenticate with Vigthoria services using API keys, OAuth, or session tokens.

🔑 Authentication Methods

Vigthoria supports multiple authentication methods depending on your use case:

API Keys (Recommended for APIs)

Best for server-to-server integrations and backend applications.

Log in to your account at vigtherius.io
Navigate to Settings → API Keys
Click Generate New API Key
Give your key a descriptive name (e.g., "Production Server")
Copy and securely store your key - it won't be shown again!

OAuth 2.0 (For User Authentication)

Best for applications that need to act on behalf of users.

Supported providers: Google, GitHub, Discord

Session Tokens (Web Apps)

Automatically managed when using the Vigthoria web interface.

📡 Using API Keys

HTTP Header Authentication

Include your API key in the Authorization header:

Authorization: Bearer vk_live_abc123xyz789...

Example Request

curl -X POST https://api.vigthoria.io/v1/viagen6/chat \
  -H "Authorization: Bearer vk_live_abc123xyz789" \
  -H "Content-Type: application/json" \
  -d '{"message": "Hello, ViAgen6!"}'

JavaScript Example

const response = await fetch('https://api.vigthoria.io/v1/viagen6/chat', {
    method: 'POST',
    headers: {
        'Authorization': 'Bearer vk_live_abc123xyz789',
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({
        message: 'Hello, ViAgen6!'
    })
});

const data = await response.json();
console.log(data.response);

Python Example

import requests

response = requests.post(
    'https://api.vigthoria.io/v1/viagen6/chat',
    headers={
        'Authorization': 'Bearer vk_live_abc123xyz789',
        'Content-Type': 'application/json'
    },
    json={'message': 'Hello, ViAgen6!'}
)

print(response.json()['response'])

🔒 API Key Types

Key Prefix	Type	Usage
vk_live_	Production	Live environment, real charges apply
vk_test_	Sandbox	Testing environment, no charges
vk_pub_	Publishable	Client-side use (limited permissions)

🛡️ API Key Scopes

Control what your API key can access:

Scope	Description
chat:read	Read chat conversations
chat:write	Send messages and create chats
generate:music	Create music generations
generate:video	Create video generations
generate:image	Create image generations
billing:read	View billing information
billing:write	Manage subscriptions and payments

⚠️ Keep Your API Keys Secure

Never expose API keys in client-side code or public repositories
Use environment variables to store keys
Rotate keys regularly and after any suspected compromise
Use scoped keys with minimal permissions needed

🚨 If Your Key Is Compromised

Immediately revoke the key in Settings → API Keys
Generate a new key
Update your applications with the new key
Review your usage logs for unauthorized access

🔄 Token Refresh

API keys don't expire, but OAuth tokens do. For OAuth implementations:

// Refresh an expired token
POST /auth/token/refresh
{
    "refresh_token": "rt_abc123..."
}

// Response
{
    "access_token": "at_new123...",
    "expires_in": 3600,
    "refresh_token": "rt_xyz789..."
}

💡 Best Practice: Use Environment Variables

# .env file (never commit this!)
VIGTHORIA_API_KEY=vk_live_abc123xyz789

# In your code
const apiKey = process.env.VIGTHORIA_API_KEY;

Previous: Quick Start Next: REST API