Edit on GitHub
Reference10 min read

API Reference

The Vault REST API is the underlying transport for the SDK. Use this reference if you are building a custom client or debugging raw HTTP traffic.

Authentication

All requests must include a Bearer token in the Authorization header. Get your API key from the dashboard under Settings → API Keys.

bash
curl https://api.vault.dev/v1/infer \
  -H "Authorization: Bearer vlt_live_xxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"model":"vault-3-turbo","prompt":"Hello"}'
Never expose your API key in client-side code or public repositories. Rotate a compromised key immediately from the dashboard.

Endpoints

Base URL: https://api.vault.dev/v1

POST/inferRun a single inference request. Returns a typed response object.
POST/streamStream a response as server-sent events (SSE).
GET/modelsList available models and their context window sizes.
GET/workspacesList workspaces accessible with the current API key.
POST/tokenizeCount tokens for a prompt without running inference.

Rate Limits

Limits are per workspace. The SDK handles 429 responses with exponential backoff by default.

Free10 RPM100k TPMDevelopment and testing only.
Pro100 RPM1M TPMSmall production workloads.
Team500 RPM10M TPMMedium-scale production.
EnterpriseCustom RPMCustom TPMContact sales for custom limits.

Webhooks

Register a webhook endpoint to receive async inference results and usage events. Vault signs each request with an HMAC-SHA256 signature.

app/api/vault-webhook/route.ts
import { verifyWebhook } from '@vault/sdk/webhooks';

export async function POST(req: Request) {
  const body = await req.text();
  const sig  = req.headers.get('x-vault-signature') ?? '';

  const event = verifyWebhook(body, sig, process.env.VAULT_WEBHOOK_SECRET!);

  if (event.type === 'inference.completed') {
    console.log('Result:', event.data.text);
  }

  return new Response('ok');
}

Error Codes

400Bad RequestThe request body is malformed or missing required fields.
401UnauthorizedMissing or invalid API key.
403ForbiddenThe API key does not have access to this workspace or model.
404Not FoundThe requested resource does not exist.
429Too Many RequestsRate limit exceeded. Retry after the Retry-After header value.
500Internal Server ErrorVault encountered an unexpected error. Retrying is safe.
Last updated March 2025 | Edit on GitHub