How This Helps

Secure API access is essential for integrating Visual Layer with your pipelines or external tools. This guide shows how to retrieve your API credentials and use them to generate a JWT for authenticated requests.

Step 1: Get Your API Key and Secret

To obtain your API key and secret:
1

Log in to Visual Layer

Go to https://app.visual-layer.com and sign in with your user account.
2

Visit the API Credentials Page

Navigate to https://app.visual-layer.com/api/v1/api_credentials while logged in.
You must be authenticated in the browser for this to work. The request depends on your active browser session.

Request

GET /api/v1/api_credentials
Cookies: SESSION=<session from authenticated user browser session>

Example Response

{
  "api_key": "<api_key>",
  "api_secret": "<api_secret>",
  "message": "API key created. Write down the secret – it's only shown once!"
}
You can also run this using curl: 
curl -b SESSION=<session from authenticated user browser session> https://app.visual-layer.com/api/v1/api_credentials

Step 2: Generate JWT Token for Authentication

Use your API key and secret to generate a JWT token, which is required for authenticated API requests.

JWT Token Authentication

JWTs must be included in the Authorization header as a Bearer token type on every request.
These tokens are short-lived and should be regenerated periodically.

Example Python Code

⚠️ Please make sure you have PyJWT installed. If not, install it using: 
python -m pip install PyJWT

import jwt
from datetime import datetime, timezone, timedelta

def generate_jwt(api_key: str, api_secret: str):
    jwt_algorithm = "HS256"
    jwt_header = {
        'alg': jwt_algorithm,
        'typ': 'JWT',
        'kid': api_key,
    }
    
    # Convert datetime objects to Unix timestamps (seconds since epoch)
    now = datetime.now(tz=timezone.utc)
    expiration = now + timedelta(minutes=10) # Time can be modified as needed
    
    payload = {
        'sub': api_key,
        'iat': int(now.timestamp()),  # Convert to Unix timestamp
        'exp': int(expiration.timestamp()),  # Convert to Unix timestamp
        'iss': 'sdk'
    }
    
    return jwt.encode(payload=payload, key=api_secret, algorithm=jwt_algorithm, headers=jwt_header)

api_token = generate_jwt(api_key, api_secret)

print("VL_Token:" + api_token)
JWT tokens expire quickly by design. For best security and performance, regenerate tokens every 10 minutes.