Authentication

API keys, the X-API-Key header, key rotation, and organization scoping.

Every request to the Vendor API is authenticated with an API key sent in the X-API-Key header.

curl -s "https://api.vitalview.ai/v1/studies" \
  -H "X-API-Key: vv_live_9f2c4e6a8b0d1f3a5c7e9b2d4f6a8c0e2b4d6f8a1c3e5b7d"

Keys

Getting a key

Keys are issued by the VitalView AI team during onboarding. Contact we@vitalview.ai to set up your organization and receive credentials. Multiple active keys per organization are supported, so you can roll keys without downtime:

  1. Request a second key.
  2. Deploy it to your integration.
  3. Ask us to revoke the old key (or revoke it via your account contact).

Security requirements

Failed authentication

HTTPCodeMeaning
401invalid_api_keyHeader missing or key unknown
403key_revokedThe key was revoked, request a new one

Next: Upload DICOM