Vinci uses API keys for authentication. Include your key in every request.
HTTP Header
Authorization: Bearer sk-your-api-key-here
Keep your API keys secure and never expose them in client-side code. Use environment variables or a secret manager.

Get your first API key

The easiest way to get started is by creating your first API key through the Vinci Dashboard.
  1. Sign in to your Vinci account
  2. Navigate to the API Keys page
  3. Click “Create New API Key”
  4. Give your key a descriptive name (e.g., “Development”, “Production”)
  5. Copy and securely store your API key
Your API key will only be shown once. Make sure to copy it immediately and store it securely.

Create API key

Endpoint
POST /api/v1/keys
Authentication
Authorization: Bearer sk-existing-api-key
Response
{
  "key_id": "vinci_abc123...",
  "name": "Production API Key",
  "api_key": "sk-your-new-api-key-here",
  "rate_limit": 10,
  "created_at": "2024-01-01T00:00:00Z"
}

curl -X POST "https://tryvinci.com/api/v1/keys" \
  -H "Authorization: Bearer sk-existing-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production API Key",
    "rate_limit": 20
  }'
Tip Store the full API key securely as it will not be shown again.

List API keys

Endpoint
GET /api/v1/keys
Authentication
Authorization: Bearer sk-your-api-key-here
Response
{
  "api_keys": [
    {
      "key_id": "vinci_abc123...",
      "name": "Production API Key",
      "is_active": true,
      "created_at": "2024-01-01T00:00:00Z",
      "last_used": "2024-01-01T12:00:00Z",
      "key_preview": "sk-...abc123...",
      "rate_limit": 10
    }
  ],
  "count": 1
}

curl -X GET "https://tryvinci.com/api/v1/keys" \
  -H "Authorization: Bearer sk-your-api-key-here"

Revoke API key

Endpoint
DELETE /api/v1/keys/{key_id}
Authentication
Authorization: Bearer sk-your-api-key-here
Response
{
  "message": "API key revoked successfully",
  "key_id": "vinci_abc123..."
}

curl -X DELETE "https://tryvinci.com/api/v1/keys/vinci_abc123..." \
  -H "Authorization: Bearer sk-your-api-key-here"

Rate limits

Default: 10 requests/min. Max: 100 requests/min.
Rate limit headers
X-RateLimit-Limit: 10
X-RateLimit-Remaining: 7
X-RateLimit-Reset: 1640995200

import time, requests

def get_with_retry(url, headers, max_retries=3):
  for attempt in range(max_retries):
    r = requests.get(url, headers=headers)
    if r.status_code == 429:
      time.sleep(60)
      continue
    r.raise_for_status()
    return r
  raise RuntimeError("Max retries exceeded")

Best practices

  • Rotate keys regularly.
  • Use different keys per environment.
  • Monitor last_used to identify stale keys.