X-API-Key header.
There are no OAuth flows, bearer tokens, or session cookies on this surface.
Creating an API key
- Sign in to VoucherGrid.
- Open Settings → Account → API Keys.
- Click Create key, choose the scopes you need, and copy the full key value. The full key is shown once – store it in a secret manager immediately.
Key format
API keys are issued in two formats:| Prefix | Mode | Use |
|---|---|---|
vg_live_ | Live | Production traffic |
vg_test_ | Test | Test-mode traffic and rehearsals |
Sending the key
Include the key in theX-API-Key header on every request:
Authentication failures
| Status | Reason |
|---|---|
| 401 | X-API-Key header missing |
| 401 | API key not recognised |
| 401 | API key has been revoked |
| 401 | API key has expired |
| 403 | Tenant account is disabled |
| 403 | Tenant subscription is not active Professional |
| 403 | Key is location-scoped and the request targets a different scope |
| 403 | Key is missing one of the scopes required by the endpoint |
Tenant scoping
Every API key belongs to exactly one tenant. All reads and writes performed via the key are automatically scoped to that tenant – you cannot read or modify another tenant’s data, and there is no tenant ID parameter to override.Location-scoped keys
A key may optionally be scoped to a single location. When that is the case:- Voucher list/get/redeem operations only see vouchers at that location.
- Voucher creation forces the new voucher to that location. Passing a different
location_idin the request body returns403 Forbidden.