Every request to the Vehicle Lookup API must include a valid API key. The key authenticates your requests and links them to your account.
**How Authentication Works:**
1. You pass your API key as a query parameter: `?api_key=YOUR_KEY`
2. The server validates the key against the database
3. If the key is valid and your account is active, the request is processed
4. If the key is invalid, expired, or your account is suspended, a `404` error is returned
**Keeping Your API Key Secure:**
- **Do not share your key publicly** - While the key is visible in your website's HTML source, avoid posting it in public forums, documentation, or screenshots
- **Use HTTPS** - Always load the widget and API over HTTPS to prevent interception
- **Monitor usage** - Check your VRM usage regularly for unexpected spikes
- **Regenerate if compromised** - If you suspect your key has been shared, regenerate it from the admin panel and update your website
**What Happens If My Key Is Invalid?**
If your API key is invalid or your account is not active:
- The widget displays an error message: "Invalid or missing API key"
- No vehicle data is returned
- No VRM lookups are processed
**Regenerating Your API Key:**
If you need a new API key:
1. Log in to your admin panel
2. Navigate to **Step 5: API Integration**
3. Click **Regenerate API Key**
4. Copy the new key
5. Update the key on your website (in your HTML code or WordPress settings)
**Warning:** Regenerating your key immediately invalidates the old key. Your widget will stop working until you update the key on your website.
