Appearance
Authentication
All API endpoints require an API key, with a few exceptions for public data.
API key
Pass your API key in one of two ways:
- Header (recommended):
x-api-key: YOUR_KEY - Query parameter:
?apiKey=YOUR_KEY
Example
bash
curl -H "x-api-key: YOUR_KEY" \
"https://api.vaulto.ai/api/trading/valuation?eventSlug=spacex-ipo"javascript
const response = await fetch(
'https://api.vaulto.ai/api/trading/valuation?eventSlug=spacex-ipo',
{ headers: { 'x-api-key': process.env.VAULTO_API_KEY } }
);python
import requests
response = requests.get(
'https://api.vaulto.ai/api/trading/valuation',
params={'eventSlug': 'spacex-ipo'},
headers={'x-api-key': API_KEY}
)Getting an API key
- Go to the Vaulto Dashboard
- Sign in or create an account
- Navigate to API Keys and click Create Key
- Copy your key — it won't be shown again
Keep your key secure
- Store keys in environment variables, not in code
- Never commit keys to version control
- Rotate keys if you suspect they've been exposed
Trading endpoints
Trading endpoints require an additional header:
| Header | Description | Example |
|---|---|---|
x-api-key | Your API key | vaulto_abc123... |
x-user-id | Your wallet address | 0x1234...5678 |
bash
curl -H "x-api-key: YOUR_KEY" \
-H "x-user-id: 0x1234...5678" \
"https://api.vaulto.ai/api/trading/positions"Public endpoints
These endpoints don't require authentication:
| Endpoint | Description |
|---|---|
GET /api/pricing | Get current API pricing |
GET /api/trading/events | List available IPO events |
GET /api/trading/valuation | Get event pricing data |
Key management API
You can manage keys programmatically using a dashboard API key (different from regular API keys):
| Method | Path | Description |
|---|---|---|
GET /api/keys | List keys (masked) | |
POST /api/keys | Create a new key | |
DELETE /api/keys/:id | Revoke a key |
Dashboard keys are configured server-side and should never be exposed to clients.
Advanced: CORS configuration
For API server administrators
If you're running the API server and want the docs "Try it" feature to work, you need to configure CORS.
What is CORS?
The docs send requests from your browser to the API. The API must allow the docs origin in its CORS configuration.
Configuration
Set CORS_ORIGINS on your API server (e.g., Railway) as a comma-separated list:
bash
CORS_ORIGINS=https://app.vaulto.ai,https://your-docs.netlify.app,http://localhost:5173- Include the docs site origin (e.g.,
https://your-docs.netlify.app) - For local development, include
http://localhost:5173 - No trailing slashes
After changing the environment variable, redeploy the API server.