API Keys

Manage your Vibengine API keys

API keys authenticate your application with the Vibengine platform. Every SDK call requires a valid API key.

Creating an API Key

  1. Sign in to the Vibengine Dashboard
  2. Navigate to Settings > API Keys
  3. Click Create New Key
  4. Give the key a descriptive name (e.g., "production-backend" or "local-dev")
  5. Copy the key immediately — it will only be shown once

Store your key securely. The full API key is only displayed at creation time. If you lose it, you will need to generate a new one.

Using API Keys in Your App

The Vibengine SDK automatically reads the VE_API_KEY environment variable. This is the simplest and most secure approach.

export VE_API_KEY=ve_sk_your_api_key_here

Then use the SDK without passing the key explicitly:

JavaScript:

import { Sandbox } from "vibengine"

// SDK reads VE_API_KEY from environment automatically
const sandbox = await Sandbox.create()

Python:

from vibengine import Sandbox

# SDK reads VE_API_KEY from environment automatically
sandbox = Sandbox.create()

Constructor Parameter

You can also pass the API key directly when creating a sandbox. This is useful when managing multiple keys programmatically.

JavaScript:

import { Sandbox } from "vibengine"

const sandbox = await Sandbox.create({
  apiKey: "ve_sk_your_api_key_here",
})

Python:

from vibengine import Sandbox

sandbox = Sandbox.create(api_key="ve_sk_your_api_key_here")

Key Lookup Order

The SDK resolves the API key in this order:

  1. Constructor parameter: apiKey (JS) or api_key (Python) passed directly
  2. Environment variable: VE_API_KEY

If neither is found, the SDK throws an authentication error.

Key Rotation

Rotate your API keys periodically to maintain security:

  1. Create a new key in the dashboard
  2. Update your application environment to use the new key
  3. Deploy the change and verify it works
  4. Revoke the old key in the dashboard

Zero-downtime rotation — Create the new key before revoking the old one. Both keys will work simultaneously until you revoke the old key.

Multiple Keys for Different Environments

Use separate API keys for each environment to maintain isolation and simplify auditing.

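| Environment | Key Name        | Usage                        |
|-------------|-----------------|------------------------------|
| Development | dev-local       | Local development and testing |
| Staging     | staging-backend | Pre-production testing       |
| Production  | prod-backend    | Live application             |
| CI/CD       | ci-github       | Automated tests in pipelines |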

This way, revoking a compromised development key does not affect production.

Security Best Practices

  • Never commit API keys to version control. Use .env files and add them to .gitignore.
  • Use environment variables in production. Most hosting platforms (Vercel, Railway, AWS) support secure environment variable configuration.
  • Rotate keys regularly, especially after team member departures.
  • Use separate keys per environment so a leaked dev key cannot access production resources.
  • Monitor usage in the dashboard to detect unexpected activity.
  • Set budget alerts to catch runaway usage early.

# .env file (add .env to .gitignore)
VE_API_KEY=ve_sk_your_api_key_here

# .gitignore
.env
.env.local
.env.production
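
One way to enforce the first practice above before a commit lands, as an added example that is not part of the Vibengine SDK or documentation: a small scanner that flags key-like strings and checks that the .env files listed above are ignored. The key pattern beyond the ve_sk_ prefix, the function names and the sample input are assumptions made for illustration.

```python
import re
import sys
from fnmatch import fnmatchcase
from pathlib import Path

# Assumption: real keys share the "ve_sk_" prefix of this page's placeholder and
# use URL-safe characters; the actual alphabet and length are not documented here.
KEY_RE = re.compile(r"ve_sk_[A-Za-z0-9_-]{8,}")
PLACEHOLDER = "ve_sk_your_api_key_here"
ENV_FILES = (".env", ".env.local", ".env.production")  # from the .gitignore above

# Constructed sample input (not a real key).
SAMPLE = 'VE_API_KEY=ve_sk_your_api_key_here\napi_key = "ve_sk_CONSTRUCTED0000example"\n'


def find_keys(text):
    """Return (line_number, redacted_prefix) for each key-like string in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in KEY_RE.finditer(line):
            if match.group() != PLACEHOLDER:
                # Report only a short prefix so the scanner output does not leak the key.
                hits.append((lineno, match.group()[:10] + "..."))
    return hits


def missing_ignores(gitignore_text):
    """Return env files no .gitignore pattern covers (plain globs only, no negation)."""
    patterns = [p.strip() for p in gitignore_text.splitlines()]
    patterns = [p for p in patterns if p and not p.startswith(("#", "!"))]
    return [f for f in ENV_FILES if not any(fnmatchcase(f, p) for p in patterns)]


def main(paths):
    """Scan the given files (e.g. staged files in a pre-commit hook); return 1 on failure."""
    failed = False
    for path in paths:
        for lineno, prefix in find_keys(Path(path).read_text(errors="ignore")):
            print(f"{path}:{lineno}: possible Vibengine API key ({prefix})")
            failed = True
    gitignore = Path(".gitignore")
    for name in missing_ignores(gitignore.read_text() if gitignore.exists() else ""):
        print(f".gitignore: {name} is not ignored")
        failed = True
    return 1 if failed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it from the repository root with the files to check as arguments; a non-zero exit status blocks the commit when it is wired into a pre-commit hook.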
