Authentication
Every request to the VQ Codes API must be authenticated with an API key sent in the X-Api-Key header.
Getting an API key
- Sign up for a free account at vqcodes.com/sign-up
- Go to your dashboard and navigate to the API keys section
- Create a token — give it a name and click create. Copy the token immediately; it will not be shown again.
Using the X-Api-Key header
Include your API key in every request using the X-Api-Key HTTP header:
```bash
curl -H "X-Api-Key: YOUR_API_KEY" \
  "https://api.vqcodes.com/api/v1/codes/latest?pair=BTCUSD"
```
If the key is missing or invalid, the API returns a 401 Unauthorized response.
JWT token format
API keys are issued as JWT (JSON Web Token) strings, signed with RS256. Each token encodes your user ID, subscription tier, and token ID. The server verifies the signature on every request without needing a database lookup, making authentication fast and stateless.
Tokens do not expire by default, but you can revoke them at any time from your dashboard. Revoked tokens are rejected within seconds.
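Because the key is a signed JWT, its payload is only base64url-encoded, not encrypted, so anyone who obtains the key can read the identifiers inside it as well as use it. The sketch below is an added example, not code from VQ Codes: it decodes a key locally to confirm the `alg` is RS256 and derives a fingerprint to log in place of the key. The claim names (`sub`, `tier`, `jti`), the sample token and all function names are assumptions; the page does not give the actual claim names.

```python
import base64
import hashlib
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url with the "=" padding stripped; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_token(header, claims) -> str:
    # Builds a CONSTRUCTED sample token; the third segment is filler, not a signature.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc(header), enc(claims), "Y29uc3RydWN0ZWQ"])

def inspect_api_key(token: str) -> dict:
    """Decode (not verify) a JWT-format key; only the server can check the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected three dot-separated JWT segments")
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # bad base64, bad UTF-8 and bad JSON all derive from it
        raise ValueError("malformed JWT segment") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("JWT header and payload must be JSON objects")
    if header.get("alg") != "RS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}; the docs state RS256")
    return claims

def log_safe_id(token: str) -> str:
    """Short SHA-256 fingerprint to put in logs instead of the key or its claims."""
    return "key-sha256:" + hashlib.sha256(token.strip().encode()).hexdigest()[:12]

# Constructed sample. The claim names (sub, tier, jti) are hypothetical.
SAMPLE_KEY = make_token({"alg": "RS256", "typ": "JWT"},
                        {"sub": "user_123", "tier": "free", "jti": "tok_abc"})

if __name__ == "__main__":
    print(inspect_api_key(SAMPLE_KEY))   # readable without any secret
    print(log_safe_id(SAMPLE_KEY))       # what to write to logs instead
```

Since tokens do not expire by default, a key that reaches a log file or a repository stays usable until it is revoked from the dashboard.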
Rate limits
Rate limits are enforced per API key based on your subscription tier:
| Tier | Rate limit | Data access |
|---|---|---|
| Free | 100 req/min | Last 24 hours |
| Pro | 1,000 req/min | Full history |
| Enterprise | Custom | Full history + streaming |
When you exceed the rate limit, the API returns 429 Too Many Requests.
Check the Retry-After header for when you can make your next request.