Back to docs

Authentication

Manage API keys, organization roles, and access control for your VectorLay resources.

API Keys

API keys are the primary way to authenticate with the VectorLay API. Each key is scoped to your organization and can be created or revoked from the dashboard.

# Include your API key in the Authorization header
curl -H "Authorization: Bearer vl_your_api_key" \
  https://api.vectorlay.com/v1/clusters

Key format

API keys follow the format vl_ followed by 32 random characters. Keys are shown once at creation time and cannot be retrieved later.

Key management

  • Create: Generate new keys from the dashboard API Keys page
  • Name: Give keys descriptive names (e.g., "production", "ci-cd")
  • Revoke: Immediately disable a key if compromised
  • Rotate: Create a new key, update your services, then revoke the old one

Organization Roles

VectorLay uses role-based access control within organizations:

Owner

Full access. Can manage billing, members, API keys, and all resources. One per organization.

Admin

Can manage clusters, API keys, and invite members. Cannot modify billing or delete the organization.

Member

Can create and manage their own clusters. Can view organization resources.

SSH Keys

For SSH access to your VMs, add SSH public keys to your organization settings. All organization members' keys are authorized on every VM in the organization.

# Connect to your VM via SSH
ssh <vm-id>@ssh.vectorlay.com

Security Best Practices

  • Never commit API keys to source control
  • Use environment variables or secret managers
  • Rotate keys regularly and after team member departures
  • Use the minimum required role for each team member
  • Revoke unused keys promptly