Authentication
All API requests require an API key passed via the X-API-Key header.
API Key Types
| Type | Prefix | Permissions |
|---|---|---|
| Read Only | vpx_ro_ | Search, view contacts and signals |
| Standard | vpx_live_ | Full buyer access: search, reveal, purchase signals |
| Full Access | vpx_full_ | All permissions including enrichment, webhooks, auto-buy |
Making Requests
Include your API key in every request header:
bash
curl https://api.siedata.dev/api/v1/contacts/search?q=plumber \ -H "X-API-Key: vpx_live_YOUR_KEY_HERE"
python
import requests
resp = requests.get(
"https://api.siedata.dev/api/v1/contacts/search",
params={"q": "plumber", "state": "CA"},
headers={"X-API-Key": "vpx_live_YOUR_KEY_HERE"},
)
print(resp.json())javascript
const res = await fetch(
"https://api.siedata.dev/api/v1/contacts/search?q=plumber&state=CA",
{ headers: { "X-API-Key": "vpx_live_YOUR_KEY_HERE" } }
);
const data = await res.json();Key Rotation
We recommend rotating keys every 90 days. You can have up to 5 active keys at once, enabling zero-downtime rotation:
- Create a new key from the API Keys dashboard.
- Update your application to use the new key.
- Verify requests succeed with the new key.
- Revoke the old key.
IP Whitelisting
Optionally restrict API key usage to specific IP addresses or CIDR ranges. Requests from non-whitelisted IPs will receive a 403 Forbidden response.
Security Best Practices
- Never commit API keys to version control.
- Use environment variables or a secrets manager.
- Set the most restrictive key type that covers your use case.
- Enable IP whitelisting for production environments.
- Monitor usage from the dashboard and revoke unused keys.