Every request to the Varmo API must include an API key passed as a Bearer token in theDocumentation Index
Fetch the complete documentation index at: https://docs.varmo.fi/llms.txt
Use this file to discover all available pages before exploring further.
Authorization header. Varmo does not support session-based authentication or OAuth — the API key is the sole authentication mechanism, and requests without a valid key are rejected immediately.
Get your API key
Contact Varmo to request API access. After Varmo provisions your account, you receive an API key scoped to your organisation. Each key grants access to the resources tied to your account only — keys cannot be used to query data belonging to other issuers. If you manage multiple environments (e.g. staging and production), request a separate key for each. Varmo support can rotate or revoke individual keys without affecting others.Pass the key in requests
Include your API key in theAuthorization header of every HTTP request:
Keep your key secure
Store your API key as an environment variable and read it at runtime from your server-side code:JavaScript
Python
Authentication errors
If your request is rejected due to an authentication problem, Varmo returns one of the following HTTP error codes:| Status code | Error | Description |
|---|---|---|
401 Unauthorized | missing_token | The Authorization header is absent or malformed. Check that you are sending Bearer <YOUR_API_KEY> and that no whitespace or encoding issues are present. |
401 Unauthorized | invalid_token | The API key is present but not recognised — it may be incorrect, expired, or already revoked. Verify the key in your environment and contact Varmo support if the problem persists. |
403 Forbidden | insufficient_permissions | The API key is valid but does not have permission to access the requested resource. This typically means the key is scoped to a different environment or account. |