REST API
Auth Ticket
POST /api/v1/auth/ticket
Overview
Obtain a one-time ticket for establishing a WebSocket connection. Because the browser's native WebSocket API does not support custom HTTP headers, VAS uses a ticket mechanism: you first exchange your API key for a one-time ticket, then establish the WebSocket connection through Sec-WebSocket-Protocol.
Authentication
Header: X-API-Key (see Authentication)
Request Parameters
This endpoint does not require any request parameters.
Request Example
curl -X POST "https://vas-poc.vurbo.ai/api/v1/auth/ticket" \
-H "X-API-Key: vas_aB3dE5fG7hI9jK1lM3nO5pQ7rS9tU1vW"
Success Response
HTTP 200
{
"ticket": "aBcDeFgHiJkLmNoPqRsTuVwXyZ012345",
"expires_in": 60
}
Response Fields
| Field | Type | Description |
|---|---|---|
ticket | string | One-time ticket (32-character random string) |
expires_in | integer | Validity period (seconds), fixed at 60 |
Ticket Characteristics
| Characteristic | Description |
|---|---|
| Validity period | Must be used within 60 seconds |
| One-time use | Deleted immediately after use; cannot be reused |
| Usage | Passed through Sec-WebSocket-Protocol in the format ticket.{ticket_value} |
Usage Example
After obtaining the ticket, establish the WebSocket connection as follows:
const ws = new WebSocket('wss://vas-poc.vurbo.ai/ws', [`ticket.${ticket}`]);
Specific Error Codes
| Error Code | HTTP Status | Description | Recommended Action |
|---|---|---|---|
ticket_invalid | 401 | Ticket is invalid or has expired | Call this API again to obtain a new ticket |
ticket_expired | 401 | Ticket has expired (more than 60 seconds) | Call this API again to obtain a new ticket |
ticket_already_used | 401 | Ticket has already been used | Call this API again to obtain a new ticket |
ticket_validation_failed | 500 | Ticket validation service error | Retry later |
Version: V1.5.7 Last Updated: 2026-05-20