Authentication

All public API requests are authenticated with a secret API key sent in the X-API-Key header.

Get Your API Key

Generate and manage API keys from your Account page under the API Keys tab.

New keys are only shown one time when you create or regenerate them. Copy the key immediately and store it somewhere secure so you do not lose it.

If you lose a key, regenerate it from the same account page. You can also manage and delete all of your keys there at any time.

Keep API keys in backend services, queue workers, or trusted integration middleware. Do not embed them in browser bundles.

cURL

curl "https://api.autoresourceco.com/api/v1/vin/decode?vin=5YJ3E1EA1KF123456" \
  -H "X-API-Key: your_api_key_here"

API keys are sent in the X-API-Key header on every public request.

Treat API keys like passwords. Do not embed them in browser code or mobile binaries.

Rotate keys immediately if they are exposed or copied into logs, tickets, or screenshots.

Once authentication is wired, validate your integration with GET /api/v1/vin/decode before moving into batch or Explorer workflows.