Partner API Reference
Last updated: March 2026Programmatically submit audio for processing, track job progress, verify outputs, and receive webhook notifications — all via authenticated REST endpoints.
Contents
Overview
VoSound allows you to programmatically submit audio for processing and receive studio-quality outputs. Use the Partner API to automate your audio pipeline without any manual interaction.
// 1. Submit POST /api/v1/process Authorization: Bearer vsk_… // 2. Poll GET /api/v1/jobs/:jobId Authorization: Bearer vsk_… // 3. Verify (no auth needed) POST /api/v1/certificates/:certId/verify-hash
What you can do
- Submit audio files for processing via a direct HTTPS URL
- Track job progress by polling a status endpoint
- Receive webhook notifications when jobs complete — no polling required
- Verify processed outputs via the Proof-of-Processing certificate system
Who this is for
Developers, platforms, and partners integrating VoSound audio processing into their products — including DAWs, distribution services, label tools, and compliance systems.
Base URL
https://vosound.com
All endpoints are relative paths. All responses are JSON with Cache-Control: no-store.
Authentication
All API endpoints (except the verification endpoint) require a VoSound API key. Pass your key as a Bearer token in the Authorization header on every request.
Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx
Rules
- Format — Keys are prefixed with vsk_ and are case-sensitive.
- Storage — Keys are hashed server-side. The raw key is only shown once at issuance — store it securely.
- Revocation — Revoked or invalid keys return HTTP 401 on every request.
- Issuance — API keys are issued by VoSound staff. Contact your account manager to request access.
Submit Job
/api/v1/processSubmit audio for processingQuick start
curl -X POST https://vosound.com/api/v1/process \
-H "Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"audioUrl": "https://example.com/audio.wav",
"genrePackId": "clx123abc",
"callbackUrl": "https://partner.example.com/webhooks/vosound"
}'Request Body
| Field | Type | Required | Description |
|---|---|---|---|
audioUrl | string | required | Publicly reachable HTTPS URL of the audio file. Supported formats: WAV, MP3, FLAC, AAC, OGG. Maximum file size: 50 MB. Private/internal addresses are rejected. |
genrePackId | string | required | ID of the Genre Pack to apply. Genre Pack IDs are provided by VoSound at onboarding. |
title | string | optional | Display title for the track. Maximum 200 characters. If omitted, the filename from audioUrl is used. |
callbackUrl | string | optional | HTTPS endpoint to receive a webhook notification when the job reaches a terminal state. See Section 5 for full behavior rules. |
Response — 200 OK
| Field | Type | Description |
|---|---|---|
jobId | string | Unique job identifier. Store this to poll for status. |
status | string | Always QUEUED on initial creation. |
pollUrl | string | Relative URL to poll for job status. |
{
"jobId": "clxxxxxxxxxxxxxxxxx",
"status": "QUEUED",
"pollUrl": "/api/v1/jobs/clxxxxxxxxxxxxxxxxx"
}Validation
- audioUrl — must be HTTPS. Private/internal addresses and unsafe redirects are blocked.
- genrePackId — must reference an active Genre Pack. Returns 400 if not found or inactive.
- title — if provided, must be a string ≤ 200 characters.
- callbackUrl — if provided, must be HTTPS and publicly reachable. See Section 5.
Rate Limit
10 submissions per API key per hour. Excess requests receive HTTP 429.
Check Job Status
/api/v1/jobs/:jobIdRetrieve job statusQuick start
curl https://vosound.com/api/v1/jobs/clxxxxxxxxxxxxxxxxx \ -H "Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx"
Path Parameter
| Field | Type | Required | Description |
|---|---|---|---|
jobId | string | required | The job ID returned by POST /api/v1/process. |
Response — 200 OK
| Field | Type | Description |
|---|---|---|
jobId | string | Job identifier. |
status | string | Current status. See status table below. |
createdAt | ISO 8601 | When the job was submitted. |
completedAt | ISO 8601 | null | When the job reached a terminal state. Null while in progress. |
certificateId | string | Only present on SUCCEEDED. Proof-of-Processing certificate ID. |
verifyUrl | string | Only present on SUCCEEDED. Public URL to view and verify the certificate. |
{
"jobId": "clxxxxxxxxxxxxxxxxx",
"status": "SUCCEEDED",
"createdAt": "2026-03-24T10:00:00.000Z",
"completedAt": "2026-03-24T10:02:34.000Z",
"certificateId": "VSC-A1B2C3D4",
"verifyUrl": "https://verify.vosound.com/VSC-A1B2C3D4"
}{
"jobId": "clxxxxxxxxxxxxxxxxx",
"status": "RUNNING",
"createdAt": "2026-03-24T10:00:00.000Z",
"completedAt": null
}Job Statuses
| Status | Meaning |
|---|---|
QUEUED | Waiting to be picked up for processing. |
RUNNING | Processing is actively underway. |
SUCCEEDED | Processing complete. certificateId and verifyUrl are now available. |
FAILED | Processing failed. The job will not be retried automatically. |
CANCELLED | The job was cancelled before completion. |
Webhook Callbacks
Webhook Callbacks — callbackUrl
Include a callbackUrl in your request to receive a POST notification when the job reaches a terminal state (succeeded, failed, or cancelled). This field is entirely optional.
POST /api/v1/process
Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx
Content-Type: application/json
{
"audioUrl": "https://partner.example.com/audio.wav",
"genrePackId": "clx123abc",
"callbackUrl": "https://partner.example.com/webhooks/vosound"
}An HTTPS endpoint that receives a POST request when the job reaches a terminal state. Must be a publicly reachable HTTPS URL. Internal network addresses are not permitted.
Accepted
- If omitted — No webhook will be sent. The field may be left out entirely.
- If null — No webhook will be sent. Equivalent to omitting the field.
- If a valid HTTPS URL — A webhook POST will be sent when the job reaches a terminal state.
Rejected — returns HTTP 400
- Empty string — An empty string ("") is not a valid URL.
- Non-HTTPS URL — URLs starting with http:// or any other scheme are rejected.
- Non-string value — Numbers, booleans, and objects are rejected. Must be a string.
- Private or internal address — Addresses resolving to private IP ranges, loopback, or link-local are blocked.
callbackUrl and a null callbackUrl as “no callback requested.” You can omit the field entirely or explicitly set it to null — both are valid and result in no webhook being attempted.Behavior Table
| callbackUrl value | Outcome |
|---|---|
| omitted | Accepted — no webhook will be sent |
| null | Accepted — no webhook will be sent |
| "https://partner.example.com/hook" | Accepted — webhook will be sent on terminal state |
| "http://partner.example.com/hook" | Rejected — 400 (not HTTPS) |
| "" (empty string) | Rejected — 400 (empty strings not allowed) |
| 123 (number) | Rejected — 400 (must be a string) |
| "https://192.168.1.1/hook" | Rejected — 400 (private address) |
Request Examples
Leave out callbackUrl entirely. No webhook will be sent.
{
"audioUrl": "https://example.com/audio.wav",
"genrePackId": "clx123abc"
}Setting callbackUrl to null is identical to omitting it.
{
"audioUrl": "https://example.com/audio.wav",
"genrePackId": "clx123abc",
"callbackUrl": null
}A valid HTTPS endpoint. VoSound will POST to this URL when the job completes.
{
"audioUrl": "https://example.com/audio.wav",
"genrePackId": "clx123abc",
"callbackUrl": "https://partner.example.com/webhooks/vosound"
}Non-HTTPS URLs are rejected with HTTP 400.
{
"audioUrl": "https://example.com/audio.wav",
"genrePackId": "clx123abc",
"callbackUrl": "http://partner.example.com/webhooks/vosound"
}Webhook Payload
When a job reaches a terminal state, VoSound sends a POST request to your callbackUrl with a JSON body. The event field identifies which terminal state was reached.
Request headers sent by VoSound
Content-Type: application/json User-Agent: vosound-webhook/1.0
Delivery semantics
- 2xx response — delivery confirmed, no further attempts.
- Non-2xx / timeout / network error — delivery failed. No automatic retry in v1.
- 3xx redirects — not followed; treated as a failure.
- Timeout — requests abort after 5 seconds.
Event Types & Payload Examples
job.succeeded— processing completed successfully{
"event": "job.succeeded",
"jobId": "clxxxxxxxxxxxxxxxxx",
"status": "SUCCEEDED",
"createdAt": "2026-03-24T10:00:00.000Z",
"completedAt": "2026-03-24T10:02:34.000Z",
"pollUrl": "/api/v1/jobs/clxxxxxxxxxxxxxxxxx",
"certificateId": "VSC-A1B2C3D4",
"verifyUrl": "https://verify.vosound.com/VSC-A1B2C3D4"
}certificateId and verifyUrl are only present on job.succeeded.
job.failed— processing failed{
"event": "job.failed",
"jobId": "clxxxxxxxxxxxxxxxxx",
"status": "FAILED",
"createdAt": "2026-03-24T10:00:00.000Z",
"completedAt": "2026-03-24T10:01:12.000Z",
"pollUrl": "/api/v1/jobs/clxxxxxxxxxxxxxxxxx"
}job.cancelled— job was cancelled before completion{
"event": "job.cancelled",
"jobId": "clxxxxxxxxxxxxxxxxx",
"status": "CANCELLED",
"createdAt": "2026-03-24T10:00:00.000Z",
"completedAt": "2026-03-24T10:00:45.000Z",
"pollUrl": "/api/v1/jobs/clxxxxxxxxxxxxxxxxx"
}Verification Endpoint
Verify the authenticity of a processed audio file by submitting its SHA-256 hash. This is a machine-to-machine trust check — useful for DAWs, label tools, and compliance systems that need to confirm a file matches its certificate without downloading anything.
/api/v1/certificates/:certId/verify-hashVerify a processed output by hashQuick start
curl -X POST \
https://vosound.com/api/v1/certificates/VSC-A1B2C3D4/verify-hash \
-H "Content-Type: application/json" \
-d '{"sha256": "a3f1c2d4e5b6a7f8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2"}'Path Parameter
| Field | Type | Required | Description |
|---|---|---|---|
certId | string | required | The certificate ID (e.g. VSC-A1B2C3D4). Case-insensitive — normalised internally. |
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
sha256 | string | required | 64-character lowercase hex SHA-256 hash of your processed output file. Case-insensitive — normalised to lowercase before comparison. |
Responses
{
"verified": true,
"match": true,
"certHash": "a3f1c2d4e5b6a7f8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
"providedHash": "a3f1c2d4e5b6a7f8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
"meta": {
"apiVersion": "1",
"portalUrl": "https://verify.vosound.com/VSC-A1B2C3D4",
"docsUrl": "https://vosound.com/docs/api"
}
}{
"verified": true,
"match": false,
"certHash": "a3f1c2d4e5b6a7f8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
"providedHash": "b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2",
"meta": {
"apiVersion": "1",
"portalUrl": "https://verify.vosound.com/VSC-A1B2C3D4",
"docsUrl": "https://vosound.com/docs/api"
}
}{ "verified": false, "error": "Invalid SHA-256 hash" }{
"verified": false,
"error": "Certificate not found",
"meta": { "apiVersion": "1" }
}Response Field Semantics
- verified — true when the request was processed successfully (regardless of whether hashes match).
- match — true when the provided hash equals the stored certificate hash.
- certHash — the SHA-256 hash stored in the certificate record.
- providedHash — your hash after normalisation (trimmed, lowercased).
Rate Limit
30 requests per minute per IP. Excess requests receive HTTP 429.
Error Handling
All authenticated endpoints return errors as a JSON object with a single error field. Validation is strict and fail-closed — if a field is invalid or missing, the request is rejected immediately.
{ "error": "Human-readable description of the problem." }{ "verified": false, "error": "Certificate not found", "meta": { "apiVersion": "1" } }The verification endpoint is unauthenticated and uses an extended error shape. On 400 (invalid hash) and 404 (certificate not found), the response includes verified: false so callers can distinguish a lookup failure from a successful but non-matching hash. On 429 (rate limit exceeded), the response follows the standard shape { error: "..." }. See Section 6 for all response schemas.
| Code | Meaning |
|---|---|
400 | Bad request — a field is missing, invalid, or failed validation. |
401 | Unauthorized — API key is missing or invalid. |
403 | Forbidden — you do not have access to this resource. |
404 | Not found — the job or certificate does not exist. |
429 | Rate limit exceeded — see per-endpoint limits above. |
500 | Internal server error — contact support if this persists. |
CORS
All v1 endpoints support cross-origin requests. Preflight OPTIONS requests are handled on every endpoint and return HTTP 204.
| Endpoint | CORS Headers |
|---|---|
POST /api/v1/process | Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization |
GET /api/v1/jobs/:jobId | Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization |
GET /api/v1/usage | Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization |
POST /api/v1/certificates/:certId/verify-hash | Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type |
Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization Cache-Control: no-store Content-Type: application/json
Integration Flow
Follow these steps for a complete end-to-end integration with the VoSound Partner API.
Obtain an API key
API keys are issued by VoSound. Contact your account manager or VoSound staff to request access. Keys are prefixed with vsk_ and should be stored securely — treat them like passwords.
Submit a job
Send a POST request to /api/v1/process with your audio URL, genre pack ID, and an optional callbackUrl. The response immediately returns a jobId and pollUrl.
Track the job
Poll GET /api/v1/jobs/:jobId every 5–10 seconds until status is no longer QUEUED or RUNNING. If you registered a callbackUrl, a webhook will also fire when the job reaches a terminal state. Always implement polling as a fallback — webhook delivery is best-effort and not guaranteed.
Handle the result
On SUCCEEDED, the response includes a certificateId and verifyUrl. Use verifyUrl to share a public proof-of-processing page, or call the verification endpoint to machine-check the output hash. On FAILED or CANCELLED, no certificate is issued.
Verify the output (optional)
If you have the SHA-256 hash of the processed output file, call POST /api/v1/certificates/:certId/verify-hash to confirm it matches the certificate on record. No API key required for this endpoint.
Monitor your usage (optional)
Call GET /api/v1/usage with your API key to view a 30-day job summary and a list of your most recent jobs. Use ?limit to control how many are returned (default 10, max 25). Useful for auditing outputs and tracking certificate issuance.
Complete Example Flow
curl -X POST https://vosound.com/api/v1/process \
-H "Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx" \
-H "Content-Type: application/json" \
-d '{
"audioUrl": "https://partner.example.com/tracks/session-12.wav",
"genrePackId": "clx123abc",
"callbackUrl": "https://partner.example.com/webhooks/vosound"
}'{
"jobId": "clxxxxxxxxxxxxxxxxx",
"status": "QUEUED",
"pollUrl": "/api/v1/jobs/clxxxxxxxxxxxxxxxxx"
}curl https://vosound.com/api/v1/jobs/clxxxxxxxxxxxxxxxxx \ -H "Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx"
{
"jobId": "clxxxxxxxxxxxxxxxxx",
"status": "SUCCEEDED",
"createdAt": "2026-03-24T10:00:00.000Z",
"completedAt": "2026-03-24T10:02:34.000Z",
"certificateId": "VSC-A1B2C3D4",
"verifyUrl": "https://verify.vosound.com/VSC-A1B2C3D4"
}POST https://partner.example.com/webhooks/vosound
Content-Type: application/json
User-Agent: vosound-webhook/1.0
{
"event": "job.succeeded",
"jobId": "clxxxxxxxxxxxxxxxxx",
"status": "SUCCEEDED",
"createdAt": "2026-03-24T10:00:00.000Z",
"completedAt": "2026-03-24T10:02:34.000Z",
"pollUrl": "/api/v1/jobs/clxxxxxxxxxxxxxxxxx",
"certificateId": "VSC-A1B2C3D4",
"verifyUrl": "https://verify.vosound.com/VSC-A1B2C3D4"
}curl "https://vosound.com/api/v1/usage?limit=5" \ -H "Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx"
{
"last30Days": { "total": 42, "succeeded": 39, "failed": 2, "cancelled": 1 },
"recentJobs": [
{
"jobId": "clxxxxxxxxxxxxxxxxx",
"status": "SUCCEEDED",
"createdAt": "2026-03-24T10:00:00.000Z",
"completedAt": "2026-03-24T10:02:34.000Z",
"certificateId": "VSC-A1B2C3D4",
"verifyUrl": "https://verify.vosound.com/VSC-A1B2C3D4",
"hasCallback": true
}
]
}curl -X POST \
https://vosound.com/api/v1/certificates/VSC-A1B2C3D4/verify-hash \
-H "Content-Type: application/json" \
-d '{"sha256": "a3f1c2d4e5b6a7f8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2"}'{
"verified": true,
"match": true,
"certHash": "a3f1c2d4e5b6a7f8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
"providedHash": "a3f1c2d4e5b6a7f8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
"meta": {
"apiVersion": "1",
"portalUrl": "https://verify.vosound.com/VSC-A1B2C3D4",
"docsUrl": "https://vosound.com/docs/api"
}
}Best Practices
A minimal, correct integration uses polling as a primary signal and webhooks as an optional complement:
// 1. Submit
const { jobId } = await submit({ audioUrl, genrePackId });
// 2. Poll until terminal
let job;
do {
await sleep(5000);
job = await poll(jobId);
} while (job.status === "QUEUED" || job.status === "RUNNING");
// 3. Handle result
if (job.status === "SUCCEEDED") useResult(job.certificateId, job.verifyUrl);
else handleFailure(job.status);Always use HTTPS
Both audioUrl and callbackUrl must be HTTPS. Non-HTTPS values are rejected immediately with HTTP 400.
Validate your webhook endpoint
Make sure your callbackUrl is publicly reachable, returns a 2xx response promptly, and handles duplicate deliveries gracefully. Idempotency on your side prevents double-processing.
Store jobId immediately
Persist the jobId from the submission response before doing anything else. It is the only way to retrieve job status and is not re-issued.
Use polling and webhooks as complements
Webhooks are best-effort and may not be delivered in all failure scenarios. Always implement polling as a fallback to confirm final job state.
Handle retries on your side
v1 makes a single webhook delivery attempt. If delivery fails, poll GET /api/v1/jobs/:jobId to retrieve the terminal state and act accordingly.
Usage Endpoint
Retrieve a summary of your API activity: a 30-day aggregate and a list of your most recent jobs. Useful for monitoring your integration, auditing outputs, and tracking certificate issuance without logging into the dashboard.
/api/v1/usageRetrieve job summary and recent activityAuthorization: Bearer vsk_… on every request. Omitting or providing an invalid key returns HTTP 401.Quick start
curl "https://vosound.com/api/v1/usage?limit=5" \ -H "Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx"
Query Parameters
| Field | Type | Required | Description |
|---|---|---|---|
limit | integer | optional | Number of recent jobs to return. Default: 10. Maximum: 25. |
Response — 200 OK
| Field | Type | Description |
|---|---|---|
last30Days.total | integer | Total jobs submitted by this key in the last 30 days. |
last30Days.succeeded | integer | Jobs that completed successfully. |
last30Days.failed | integer | Jobs that encountered a processing error. |
last30Days.cancelled | integer | Jobs cancelled before completion. |
recentJobs | array | Most recent jobs, newest first. Length is controlled by the limit parameter. |
recentJobs[].jobId | string | Unique job identifier. |
recentJobs[].status | string | Current job status (QUEUED, RUNNING, SUCCEEDED, FAILED, CANCELLED). |
recentJobs[].createdAt | ISO 8601 | When the job was submitted. |
recentJobs[].completedAt | ISO 8601 | null | When the job reached a terminal state. Null while in progress. |
recentJobs[].certificateId | string | null | Certificate ID. Only present on SUCCEEDED jobs. |
recentJobs[].verifyUrl | string | null | Public verification URL. Only present on SUCCEEDED jobs. |
recentJobs[].hasCallback | boolean | Whether a callbackUrl was registered for this job. |
{
"last30Days": {
"total": 42,
"succeeded": 39,
"failed": 2,
"cancelled": 1
},
"recentJobs": [
{
"jobId": "clxxxxxxxxxxxxxxxxx",
"status": "SUCCEEDED",
"createdAt": "2026-03-24T10:00:00.000Z",
"completedAt": "2026-03-24T10:02:34.000Z",
"certificateId": "VSC-A1B2C3D4",
"verifyUrl": "https://verify.vosound.com/VSC-A1B2C3D4",
"hasCallback": true
},
{
"jobId": "clyyyyyyyyyyyyyyyyy",
"status": "FAILED",
"createdAt": "2026-03-23T08:10:00.000Z",
"completedAt": "2026-03-23T08:11:02.000Z",
"certificateId": null,
"verifyUrl": null,
"hasCallback": false
}
]
}VoSound Partner API — Patent Pending U.S. App. No. 64/015,963