Authenticate API requests

Veryfront APIs use bearer credentials for server-side requests and MCP clients.

Steps

Create an API key in Veryfront Studio.
Store the key in a secret manager or local environment file.
Send the key in the Authorization header.
Keep API keys out of browser code.

Authorization header

Authorization: Bearer <API_KEY>

Try it with REST

Set the key:

Terminal

export VERYFRONT_API_KEY="<API_KEY>"

List projects: GET /projects

Terminal

curl https://api.veryfront.com/projects \
  -H "Authorization: Bearer $VERYFRONT_API_KEY"

API surfaces

Surface	Start here
REST	REST authentication, REST overview
GraphQL	Current User
MCP	Get Current User

Verify

Confirm the response returns projects you can access. Do not call Veryfront APIs with API keys from browser code. Use a server route or backend service for requests that need a secret key. Project-scoped requests also need access to the target project.

Goal	Page
Create an API key	Create API key
Manage project access	Manage project access
Compare API surfaces	API reference

API reference

API	Use
REST	Bearer authentication for resource requests.
GraphQL	Bearer authentication for typed queries.
MCP	Bearer authentication for assistant tools.

Overview Manage project access

​Steps

​Authorization header

​Try it with REST

​API surfaces

​Verify

​Next

​API reference