Authentication

The VastCap API uses API keys to authenticate requests. You can view and manage your API keys in your VastCap Dashboard.

Your API keys carry many privileges, so be sure to keep them secure. Do not share your API keys in publicly accessible areas such as GitHub, client-side code, etc.

API Key Authentication

All API requests must include your API key in the request body as clientKey.

{
  "clientKey": "YOUR_API_KEY"
}

Example Request

curl -X POST https://captcha.vast.sh/api/solver/getBalance \
  -H "Content-Type: application/json" \
  -d '{
    "clientKey": "YOUR_API_KEY"
  }'

Error Responses

If authentication fails, you’ll receive one of the following errors:

ERROR_KEY_DOES_NOT_EXIST - The API key does not exist
ERROR_IP_NOT_ALLOWED - IP address is not allowed
ERROR_ACCOUNT_DISABLED - Account is disabled
ERROR_INSUFFICIENT_BALANCE - Insufficient balance

Best Practices

Keep your API key secret - Do not expose your API key in public repositories or client-side code.
Use environment variables - Store your API key in environment variables instead of hardcoding them.
Rotate keys regularly - Create new API keys periodically and revoke old ones.
Monitor usage - Regularly check your API usage to detect any suspicious activity.

API Reference

​Authentication

​API Key Authentication

​Example Request

​Error Responses

​Best Practices

Authentication

API Key Authentication

Example Request

Error Responses

Best Practices