The VMArea Public API uses API tokens exclusively. There is no OAuth flow, no session cookie, and no JWT for public API access.

API token format

All tokens begin with the prefix vmk_. Pass the token in the x-api-key request header:
x-api-key: vmk_...

Obtaining a token

1. Open API Keys settings
   Navigate to Settings → API Keys in the VMArea dashboard.
2. Create a new key
   Click New API Key and give it a descriptive name (e.g., deploy-pipeline).
3. Select scopes
   Choose the scopes you need — grant only what is required.
4. Set an expiry (optional)
   Tokens without an expiry remain valid until manually revoked. Setting an expiry is recommended for CI/CD tokens.
5. Copy the secret
   Click Create.
   The secret is shown only once and cannot be retrieved again. Copy it immediately.

Token lifecycle

Created → In use → [Expired | Revoked]
  • A token is active from the moment of creation.
  • If an expiry was set, the token is automatically rejected after that date/time.
  • You can revoke any token from the dashboard at any time.
  • Deleting a token is permanent; requests using it will receive 401 Unauthorized.

Scopes

Tokens carry only the permissions you granted at creation. A request that requires a scope the token does not hold returns 403 Forbidden. See Scopes & permissions for the full list.

Usage examples

curl https://api.vmarea.com/api/public/v1/vms \
  -H "x-api-key: $VMAREA_TOKEN"

Security guidance

  • Never commit tokens to source control. Use environment variables or a secrets manager.
  • Use the minimum scope set needed for the integration.
  • Rotate tokens regularly, especially after any suspected exposure.
  • Set an expiry for tokens used in CI/CD environments.
  • Treat your vmk_ token with the same care as a password.
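
The first guidance item can be enforced with a pre-commit check. The script below is an added example, not part of the VMArea documentation: the function names are hypothetical, and the token body pattern (16 or more characters from A-Z, a-z, 0-9, _ and -) is an assumption, because this page documents only the vmk_ prefix.

```shell
#!/bin/sh
# Added example: block commits that contain a VMArea API token.
# ASSUMPTION: the secret after "vmk_" is 16+ characters from [A-Za-z0-9_-].
# This page documents only the prefix; tune the pattern to your real tokens.
VMK_PATTERN='vmk_[A-Za-z0-9_-]{16,}'

# scan_vmk_tokens FILE...
# Prints "file:line:text" for every hit with the secret redacted, so the
# token is not copied into terminal scrollback or CI logs.
# Returns 0 when nothing was found, 1 when at least one file has a hit.
scan_vmk_tokens() {
  _found=0
  for _file in "$@"; do
    [ -f "$_file" ] || continue          # skip deleted paths and directories
    # -n adds line numbers, -E enables the {16,} repetition
    _hits=$(grep -nE -e "$VMK_PATTERN" -- "$_file") || continue
    _found=1
    printf '%s\n' "$_hits" |
      sed -E "s/$VMK_PATTERN/vmk_[REDACTED]/g" |
      while IFS= read -r _line; do printf '%s:%s\n' "$_file" "$_line"; done
  done
  [ "$_found" -eq 0 ]
}

# check_staged: entry point for .git/hooks/pre-commit.
# Scans the working-tree copy of each added, copied or modified staged file.
# File names containing newlines are not supported.
check_staged() {
  _list=$(git diff --cached --name-only --diff-filter=ACM) || return 2
  [ -n "$_list" ] || return 0
  _old_ifs=$IFS
  IFS='
'
  set -f                                  # no globbing while splitting names
  # shellcheck disable=SC2086
  set -- $_list
  set +f
  IFS=$_old_ifs
  if ! scan_vmk_tokens "$@"; then
    echo "Commit blocked: VMArea token found. Revoke it and use \$VMAREA_TOKEN." >&2
    return 1
  fi
}
```

Placeholders such as `vmk_...` and references to `$VMAREA_TOKEN` do not match the pattern, so documentation and scripts that follow the guidance above pass the check.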