Authentication
BlogVault API requests are authenticated with an API token in the Authorization header:
Authorization: Bearer YOUR_API_TOKEN
Tokens are account-specific. Generate and revoke them from My Account → API Credentials. Treat a token like a password: keep it on your server, inject it through an environment variable or secret manager, and rotate it when a team member or integration changes ownership.
Production server
The current v6 contract publishes one production server:
https://api.blogvault.net/api/v6
There is no sandbox server in the current OpenAPI contract. Do not point runnable examples at production until you have confirmed the site, account, and operation are safe.
Interactive reference
The Scalar API reference can construct requests, but credentials are not persisted by this documentation site. Avoid entering production credentials into a shared browser session. For destructive operations, prefer copying the generated request into your own controlled environment.
Common authentication errors
| HTTP status | Code | Meaning |
|---|---|---|
401 |
unauthorized |
The token is missing, malformed, or invalid. |
403 |
forbidden |
Authentication succeeded, but the account cannot perform the action. |
See the error reference for the response envelope and actionable details.