aid: vgs url: https://raw.githubusercontent.com/api-evangelist/vgs/refs/heads/main/apis.yml name: Very Good Security kind: company description: Very Good Security (VGS) is a data security and tokenization platform that lets companies collect, protect, and exchange sensitive data (cards, PII, bank accounts, credentials) without it touching their own systems, reducing PCI DSS and compliance scope. The platform exposes a Vault HTTP API for tokenization (aliases / redact / reveal), an Accounts management API for vaults, routes, and organizations, and a forward/reverse Proxy that aliases and de-aliases data in transit. image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg tags: - Security - Tokenization - Data Privacy - PCI Compliance - Vault created: '2026-06-20' modified: '2026-06-20' specificationVersion: '0.19' apis: - aid: vgs:vgs-vault-tokenization-api name: VGS Vault Tokenization API tags: - Tokenization - Aliases - Vault image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg humanURL: https://www.verygoodsecurity.com/docs/vault/api/ baseURL: https://api.sandbox.verygoodvault.com properties: - url: https://docs.verygoodsecurity.com/vault/tokens type: Documentation - url: https://www.verygoodsecurity.com/docs/vault/api/ type: APIReference - url: openapi/vgs-openapi.yml type: OpenAPI - url: collections/vgs.postman_collection.json type: PostmanCollection - url: collections/vgs.opencollection.json type: OpenCollection description: The VGS Vault HTTP API stores, retrieves, and manages sensitive values as aliases (tokens). Create aliases by value or by reference, reveal single or multiple aliases, update data classifiers, and delete aliases. Supports many alias formats (UUID, FPE_SIX_T_FOUR, NUM_LENGTH_PRESERVING, and more) and PERSISTENT or VOLATILE storage. Authenticated with HTTP Basic access credentials. - aid: vgs:vgs-accounts-management-api name: VGS Accounts Management API tags: - Management - Vaults - Organizations image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg humanURL: https://docs.verygoodsecurity.com/vault/platform/iam baseURL: https://accounts.apps.verygoodsecurity.com properties: - url: https://docs.verygoodsecurity.com/vault/developer-tools/vgs-cli/service-account type: Documentation - url: https://docs.verygoodsecurity.com/vault/platform/iam type: APIReference - url: openapi/vgs-openapi.yml type: OpenAPI - url: collections/vgs.postman_collection.json type: PostmanCollection - url: collections/vgs.opencollection.json type: OpenCollection description: The VGS Accounts / control plane API administers organizations and vaults, reads account and access-log details, and manages the resources behind the platform. Authenticated with a Bearer access token obtained from the VGS OAuth2 client-credentials endpoint, with service-account scopes such as vaults:read, vaults:write, organizations:read, and access-logs:read. - aid: vgs:vgs-routes-proxy-api name: VGS Routes & Proxy API tags: - Proxy - Routes - Inbound Outbound image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg humanURL: https://docs.verygoodsecurity.com/vault/http-proxy/outbound-connection baseURL: https://accounts.apps.verygoodsecurity.com properties: - url: https://docs.verygoodsecurity.com/vault/http-proxy/inbound-connection type: Documentation - url: https://docs.verygoodsecurity.com/vault/http-proxy/outbound-connection type: APIReference - url: openapi/vgs-openapi.yml type: OpenAPI description: Manage inbound (reverse) and outbound (forward) proxy routes that redact and reveal sensitive data in transit. Routes are CRUD-managed through the Accounts API and applied to a vault; the data plane is reached over the proxy hosts (for example {vault-id}.sandbox.verygoodproxy.com for inbound and the forward proxy on port 8443 for outbound) using HTTP Basic credentials. - aid: vgs:vgs-functions-api name: VGS Functions API tags: - Functions - Compute - Serverless image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg humanURL: https://docs.verygoodsecurity.com/vault/vgs-compute/functions baseURL: https://accounts.apps.verygoodsecurity.com properties: - url: https://docs.verygoodsecurity.com/vault/vgs-compute/functions type: Documentation - url: openapi/vgs-openapi.yml type: OpenAPI description: VGS Compute Functions run custom code inside the VGS security boundary to transform sensitive payloads (for example reformatting, enrichment, or custom tokenization) as part of a route, managed through the Accounts API and bound to a vault. - aid: vgs:vgs-organizations-api name: VGS Organizations API tags: - Organizations - IAM - Access Logs image: https://kinlane-images.s3.amazonaws.com/shared/apis-json/apis-json-logo.jpg humanURL: https://docs.verygoodsecurity.com/vault/platform/iam baseURL: https://accounts.apps.verygoodsecurity.com properties: - url: https://docs.verygoodsecurity.com/vault/platform/iam type: Documentation - url: openapi/vgs-openapi.yml type: OpenAPI description: Read organization details, members, vault assignments, and tenant access logs through the VGS Accounts control plane, governed by service-account scopes (organizations:read, access-logs:read) and Bearer authentication. common: - type: GitHubOrganization url: https://github.com/verygoodsecurity - type: LinkedIn url: https://www.linkedin.com/company/verygoodsecurity - type: Website url: https://www.verygoodsecurity.com - type: Documentation url: https://docs.verygoodsecurity.com - type: Plans url: plans/vgs-plans-pricing.yml - type: RateLimits url: rate-limits/vgs-rate-limits.yml - type: FinOps url: finops/vgs-finops.yml maintainers: - FN: Kin Lane email: kin@apievangelist.com