All API requests require authentication using a Bearer token (API key).
Include your API key in the Authorization header:
curl -X GET https://api.vilna.io/v1/addresses \
-H "Authorization: Bearer YOUR_API_KEY"- Store securely: Use environment variables or secrets management services
- Never expose: Don't include API keys in client-side code or public repositories
- Rotate regularly: Change your API keys periodically for better security
- Use separate keys: Different keys for development, staging, and production
Vilna signs all webhook requests to ensure they're authentic and haven't been tampered with.
Every webhook request from Vilna includes these headers:
| Header | Description |
|---|---|
X-Vilna-Signature | HMAC-SHA256 signature of the request |
X-Vilna-Timestamp | Unix timestamp when the request was sent |
X-Vilna-Event | Event type (e.g., "transaction.confirmed") |
X-Vilna-Event-Id | Unique event identifier |
X-Vilna-Idempotency-Key | Unique key for preventing duplicate processing |
Security is our top priority. If you've found a vulnerability, please report it to [email protected]