Docs/Get started/Authentication

Authentication

Every Varmir API call is authenticated with a single Bearer token. No client secrets, no OAuth handshake — just one header you generate in the dashboard.

Get an API key

Open the API keys tab in your dashboard, give the key a name (e.g. Production) and click Create key. The raw value is shown once — store it in your secret manager immediately.

All keys are prefixed with mstk_ so they're easy to grep for in logs.

Authorization header

Pass the key as a Bearer token in the Authorization header on every request — REST and WebSocket alike.

HTTP

Authorization: Bearer mstk_your_key

Rotation & revocation

Create a new key, deploy it everywhere, then Revoke the old one from the dashboard. Revoked keys start failing with 401 invalid_api_key immediately; usage charts retain their history so audits stay possible.

Previous← Quickstart NextYour first transcription →