Authentication

The My Virtual Office API uses API keys to authenticate requests. API keys are tied to your seller account and allow you to make requests on behalf of your account.

Generating API Keys

  1. Log in to your My Virtual Office dashboard
  2. Navigate to Settings > API Keys
  3. Click Generate API Key
  4. Enter a name for your key (e.g., “Production API Key”)
  5. Optionally set an expiration date
  6. Click Generate Key
Your API key will only be shown once when it’s created. Make sure to copy and store it securely before closing the dialog.

Using API Keys

Include your API key in every request using one of these methods:

X-API-Key Header

curl -X POST https://api.my-virtual-office.com/api/customers \
  -H "X-API-Key: sk_live_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"first_name": "John", "last_name": "Doe", "email": "john@example.com"}'

Authorization Bearer Header

curl -X POST https://api.my-virtual-office.com/api/customers \
  -H "Authorization: Bearer sk_live_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"first_name": "John", "last_name": "Doe", "email": "john@example.com"}'

API Key Format

API keys follow this format:
sk_live_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  • sk_live_ - Prefix identifying this as a live API key
  • 48 random alphanumeric characters

Key Security Best Practices

API keys should only be used in server-side code. Never include them in JavaScript that runs in the browser, mobile apps, or any publicly accessible code.
Store your API keys in environment variables rather than hardcoding them in your application code.
# .env
VIRTUAL_HUB_API_KEY=sk_live_your_api_key_here
Regularly generate new API keys and revoke old ones to minimize risk if a key is compromised.
Create separate API keys for development, staging, and production environments.
For additional security, set expiration dates on your API keys and rotate them before they expire.
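
The format and storage advice above, as an added example (not My Virtual Office's own code): a Python check that finds key-shaped strings hardcoded in source text, plus a loader that reads the key from the environment and rejects anything not in the documented format. The function names, the redaction choice and the sample key are assumptions constructed for illustration.

```python
import os
import re

# Format from "API Key Format": "sk_live_" followed by 48 alphanumeric characters.
# The look-arounds stop a longer token from being reported as a key.
KEY_RE = re.compile(r"(?<![A-Za-z0-9_])sk_live_[A-Za-z0-9]{48}(?![A-Za-z0-9])")


def redact(key):
    """Keep the prefix plus 4 characters (an assumed choice) so findings are safe to log."""
    return key[:12] + "..."


def find_hardcoded_keys(text):
    """Return (line_number, redacted_key) for every key-shaped string in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            findings.append((line_no, redact(match.group())))
    return findings


def load_api_key(environ=os.environ, name="VIRTUAL_HUB_API_KEY"):
    """Read the key from the environment and reject anything not key-shaped."""
    key = environ.get(name, "").strip()
    if not KEY_RE.fullmatch(key):
        raise ValueError(f"{name} is unset or does not match the sk_live_ format")
    return key


def auth_headers(key):
    """Headers for the X-API-Key method shown under "Using API Keys"."""
    return {"X-API-Key": key, "Content-Type": "application/json"}


# Constructed sample: a made-up key (not a real credential) inside a source file.
SAMPLE_KEY = "sk_live_" + "Ab3dE6gH9j" * 4 + "Kl2mN5pQ"
SAMPLE_SOURCE = "\n".join([
    'const a = "sk_live_your_api_key_here";  // docs placeholder, not flagged',
    f'fetch(url, {{headers: {{"X-API-Key": "{SAMPLE_KEY}"}}}});',
    "key = os.environ['VIRTUAL_HUB_API_KEY']",
])

if __name__ == "__main__":
    for line_no, shown in find_hardcoded_keys(SAMPLE_SOURCE):
        print(f"line {line_no}: hardcoded API key {shown}")
```

Run find_hardcoded_keys over staged files in a pre-commit hook or CI step so a key pasted into client-side code is caught before it is published.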

Managing API Keys

From your dashboard, you can:
  • View all your API keys (only the prefix is shown for security)
  • See when each key was last used
  • Revoke keys that are no longer needed or may be compromised
  • Delete keys permanently

Authentication Errors

HTTP Code   Error          Description
401         Unauthorized   API key is missing
401         Unauthorized   API key is invalid
401         Unauthorized   API key has been revoked
401         Unauthorized   API key has expired

Example Error Response

{
  "error": "Unauthorized",
  "message": "API key is required. Provide it via X-API-Key header or Authorization Bearer token."
}