VoSoundVoSound
VoSound/Partner API Referencev1

Partner API Reference

Last updated: March 2026

Programmatically submit audio for processing, track job progress, verify outputs, and receive webhook notifications — all via authenticated REST endpoints.

1

Overview

VoSound allows you to programmatically submit audio for processing and receive studio-quality outputs. Use the Partner API to automate your audio pipeline without any manual interaction.

End-to-end flow in 3 calls
// 1. Submit
POST /api/v1/process   Authorization: Bearer vsk_…
// 2. Poll
GET  /api/v1/jobs/:jobId   Authorization: Bearer vsk_…
// 3. Verify (no auth needed)
POST /api/v1/certificates/:certId/verify-hash

What you can do

  • Submit audio files for processing via a direct HTTPS URL
  • Track job progress by polling a status endpoint
  • Receive webhook notifications when jobs complete — no polling required
  • Verify processed outputs via the Proof-of-Processing certificate system

Who this is for

Developers, platforms, and partners integrating VoSound audio processing into their products — including DAWs, distribution services, label tools, and compliance systems.

Base URL

https://vosound.com

All endpoints are relative paths. All responses are JSON with Cache-Control: no-store.


2

Authentication

All API endpoints (except the verification endpoint) require a VoSound API key. Pass your key as a Bearer token in the Authorization header on every request.

Authorization header
Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx

Rules

  • Format Keys are prefixed with vsk_ and are case-sensitive.
  • Storage Keys are hashed server-side. The raw key is only shown once at issuance — store it securely.
  • Revocation Revoked or invalid keys return HTTP 401 on every request.
  • Issuance API keys are issued by VoSound staff. Contact your account manager to request access.

3

Submit Job

POST/api/v1/processSubmit audio for processing

Quick start

Try with curl
curl -X POST https://vosound.com/api/v1/process \
  -H "Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "audioUrl": "https://example.com/audio.wav",
    "genrePackId": "clx123abc",
    "callbackUrl": "https://partner.example.com/webhooks/vosound"
  }'

Request Body

FieldTypeRequiredDescription
audioUrlstringrequiredPublicly reachable HTTPS URL of the audio file. Supported formats: WAV, MP3, FLAC, AAC, OGG. Maximum file size: 50 MB. Private/internal addresses are rejected.
genrePackIdstringrequiredID of the Genre Pack to apply. Genre Pack IDs are provided by VoSound at onboarding.
titlestringoptionalDisplay title for the track. Maximum 200 characters. If omitted, the filename from audioUrl is used.
callbackUrlstringoptionalHTTPS endpoint to receive a webhook notification when the job reaches a terminal state. See Section 5 for full behavior rules.

Response — 200 OK

FieldTypeDescription
jobIdstringUnique job identifier. Store this to poll for status.
statusstringAlways QUEUED on initial creation.
pollUrlstringRelative URL to poll for job status.
{
  "jobId": "clxxxxxxxxxxxxxxxxx",
  "status": "QUEUED",
  "pollUrl": "/api/v1/jobs/clxxxxxxxxxxxxxxxxx"
}

Validation

  • audioUrl — must be HTTPS. Private/internal addresses and unsafe redirects are blocked.
  • genrePackId — must reference an active Genre Pack. Returns 400 if not found or inactive.
  • title — if provided, must be a string ≤ 200 characters.
  • callbackUrl — if provided, must be HTTPS and publicly reachable. See Section 5.

Rate Limit

10 submissions per API key per hour. Excess requests receive HTTP 429.


4

Check Job Status

GET/api/v1/jobs/:jobIdRetrieve job status

Quick start

Try with curl
curl https://vosound.com/api/v1/jobs/clxxxxxxxxxxxxxxxxx \
  -H "Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx"

Path Parameter

FieldTypeRequiredDescription
jobIdstringrequiredThe job ID returned by POST /api/v1/process.

Response — 200 OK

FieldTypeDescription
jobIdstringJob identifier.
statusstringCurrent status. See status table below.
createdAtISO 8601When the job was submitted.
completedAtISO 8601 | nullWhen the job reached a terminal state. Null while in progress.
certificateIdstringOnly present on SUCCEEDED. Proof-of-Processing certificate ID.
verifyUrlstringOnly present on SUCCEEDED. Public URL to view and verify the certificate.
SUCCEEDED (with certificate)
{
  "jobId": "clxxxxxxxxxxxxxxxxx",
  "status": "SUCCEEDED",
  "createdAt": "2026-03-24T10:00:00.000Z",
  "completedAt": "2026-03-24T10:02:34.000Z",
  "certificateId": "VSC-A1B2C3D4",
  "verifyUrl": "https://verify.vosound.com/VSC-A1B2C3D4"
}
QUEUED / RUNNING (still in progress)
{
  "jobId": "clxxxxxxxxxxxxxxxxx",
  "status": "RUNNING",
  "createdAt": "2026-03-24T10:00:00.000Z",
  "completedAt": null
}

Job Statuses

StatusMeaning
QUEUEDWaiting to be picked up for processing.
RUNNINGProcessing is actively underway.
SUCCEEDEDProcessing complete. certificateId and verifyUrl are now available.
FAILEDProcessing failed. The job will not be retried automatically.
CANCELLEDThe job was cancelled before completion.
Ownership enforcement — you can only retrieve jobs created with your API key. Requests for jobs owned by a different key return HTTP 403.

5

Webhook Callbacks

Webhook Callbacks — callbackUrl

Include a callbackUrl in your request to receive a POST notification when the job reaches a terminal state (succeeded, failed, or cancelled). This field is entirely optional.

Quick start — with callback
POST /api/v1/process
Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx
Content-Type: application/json

{
  "audioUrl": "https://partner.example.com/audio.wav",
  "genrePackId": "clx123abc",
  "callbackUrl": "https://partner.example.com/webhooks/vosound"
}
FieldTypeRequiredcallbackUrlstringNo

An HTTPS endpoint that receives a POST request when the job reaches a terminal state. Must be a publicly reachable HTTPS URL. Internal network addresses are not permitted.

Accepted

  • If omittedNo webhook will be sent. The field may be left out entirely.
  • If nullNo webhook will be sent. Equivalent to omitting the field.
  • If a valid HTTPS URLA webhook POST will be sent when the job reaches a terminal state.

Rejected — returns HTTP 400

  • Empty stringAn empty string ("") is not a valid URL.
  • Non-HTTPS URLURLs starting with http:// or any other scheme are rejected.
  • Non-string valueNumbers, booleans, and objects are rejected. Must be a string.
  • Private or internal addressAddresses resolving to private IP ranges, loopback, or link-local are blocked.
VoSound treats both an omitted callbackUrl and a null callbackUrl as “no callback requested.” You can omit the field entirely or explicitly set it to null — both are valid and result in no webhook being attempted.

Behavior Table

callbackUrl valueOutcome
omittedAccepted — no webhook will be sent
nullAccepted — no webhook will be sent
"https://partner.example.com/hook"Accepted — webhook will be sent on terminal state
"http://partner.example.com/hook"Rejected — 400 (not HTTPS)
"" (empty string)Rejected — 400 (empty strings not allowed)
123 (number)Rejected — 400 (must be a string)
"https://192.168.1.1/hook"Rejected — 400 (private address)

Request Examples

No callback — omitted

Leave out callbackUrl entirely. No webhook will be sent.

{
  "audioUrl": "https://example.com/audio.wav",
  "genrePackId": "clx123abc"
}
No callback — explicit null

Setting callbackUrl to null is identical to omitting it.

{
  "audioUrl": "https://example.com/audio.wav",
  "genrePackId": "clx123abc",
  "callbackUrl": null
}
With callback

A valid HTTPS endpoint. VoSound will POST to this URL when the job completes.

{
  "audioUrl": "https://example.com/audio.wav",
  "genrePackId": "clx123abc",
  "callbackUrl": "https://partner.example.com/webhooks/vosound"
}
Invalid callback — rejected→ 400 Bad Request

Non-HTTPS URLs are rejected with HTTP 400.

{
  "audioUrl": "https://example.com/audio.wav",
  "genrePackId": "clx123abc",
  "callbackUrl": "http://partner.example.com/webhooks/vosound"
}

Webhook Payload

When a job reaches a terminal state, VoSound sends a POST request to your callbackUrl with a JSON body. The event field identifies which terminal state was reached.

Request headers sent by VoSound

Content-Type: application/json
User-Agent: vosound-webhook/1.0

Delivery semantics

  • 2xx response — delivery confirmed, no further attempts.
  • Non-2xx / timeout / network error — delivery failed. No automatic retry in v1.
  • 3xx redirects — not followed; treated as a failure.
  • Timeout — requests abort after 5 seconds.

Event Types & Payload Examples

job.succeeded— processing completed successfully
{
  "event": "job.succeeded",
  "jobId": "clxxxxxxxxxxxxxxxxx",
  "status": "SUCCEEDED",
  "createdAt": "2026-03-24T10:00:00.000Z",
  "completedAt": "2026-03-24T10:02:34.000Z",
  "pollUrl": "/api/v1/jobs/clxxxxxxxxxxxxxxxxx",
  "certificateId": "VSC-A1B2C3D4",
  "verifyUrl": "https://verify.vosound.com/VSC-A1B2C3D4"
}

certificateId and verifyUrl are only present on job.succeeded.

job.failed— processing failed
{
  "event": "job.failed",
  "jobId": "clxxxxxxxxxxxxxxxxx",
  "status": "FAILED",
  "createdAt": "2026-03-24T10:00:00.000Z",
  "completedAt": "2026-03-24T10:01:12.000Z",
  "pollUrl": "/api/v1/jobs/clxxxxxxxxxxxxxxxxx"
}
job.cancelled— job was cancelled before completion
{
  "event": "job.cancelled",
  "jobId": "clxxxxxxxxxxxxxxxxx",
  "status": "CANCELLED",
  "createdAt": "2026-03-24T10:00:00.000Z",
  "completedAt": "2026-03-24T10:00:45.000Z",
  "pollUrl": "/api/v1/jobs/clxxxxxxxxxxxxxxxxx"
}

6

Verification Endpoint

Verify the authenticity of a processed audio file by submitting its SHA-256 hash. This is a machine-to-machine trust check — useful for DAWs, label tools, and compliance systems that need to confirm a file matches its certificate without downloading anything.

POST/api/v1/certificates/:certId/verify-hashVerify a processed output by hash
No API key required. This endpoint is publicly accessible and does not require an Authorization header.

Quick start

Try with curl
curl -X POST \
  https://vosound.com/api/v1/certificates/VSC-A1B2C3D4/verify-hash \
  -H "Content-Type: application/json" \
  -d '{"sha256": "a3f1c2d4e5b6a7f8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2"}'

Path Parameter

FieldTypeRequiredDescription
certIdstringrequiredThe certificate ID (e.g. VSC-A1B2C3D4). Case-insensitive — normalised internally.

Request Body

FieldTypeRequiredDescription
sha256stringrequired64-character lowercase hex SHA-256 hash of your processed output file. Case-insensitive — normalised to lowercase before comparison.

Responses

200 — Hash matches (verified)
{
  "verified": true,
  "match": true,
  "certHash": "a3f1c2d4e5b6a7f8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
  "providedHash": "a3f1c2d4e5b6a7f8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
  "meta": {
    "apiVersion": "1",
    "portalUrl": "https://verify.vosound.com/VSC-A1B2C3D4",
    "docsUrl": "https://vosound.com/docs/api"
  }
}
200 — Hash does not match
{
  "verified": true,
  "match": false,
  "certHash": "a3f1c2d4e5b6a7f8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
  "providedHash": "b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b1c2",
  "meta": {
    "apiVersion": "1",
    "portalUrl": "https://verify.vosound.com/VSC-A1B2C3D4",
    "docsUrl": "https://vosound.com/docs/api"
  }
}
400 — Invalid hash format
{ "verified": false, "error": "Invalid SHA-256 hash" }
404 — Certificate not found
{
  "verified": false,
  "error": "Certificate not found",
  "meta": { "apiVersion": "1" }
}

Response Field Semantics

  • verified — true when the request was processed successfully (regardless of whether hashes match).
  • match — true when the provided hash equals the stored certificate hash.
  • certHash — the SHA-256 hash stored in the certificate record.
  • providedHash — your hash after normalisation (trimmed, lowercased).

Rate Limit

30 requests per minute per IP. Excess requests receive HTTP 429.


7

Error Handling

All authenticated endpoints return errors as a JSON object with a single error field. Validation is strict and fail-closed — if a field is invalid or missing, the request is rejected immediately.

Standard error shape (all authenticated endpoints)
{ "error": "Human-readable description of the problem." }
Verification endpoint errors (POST /api/v1/certificates/:certId/verify-hash)
{ "verified": false, "error": "Certificate not found", "meta": { "apiVersion": "1" } }

The verification endpoint is unauthenticated and uses an extended error shape. On 400 (invalid hash) and 404 (certificate not found), the response includes verified: false so callers can distinguish a lookup failure from a successful but non-matching hash. On 429 (rate limit exceeded), the response follows the standard shape { error: "..." }. See Section 6 for all response schemas.

CodeMeaning
400Bad request — a field is missing, invalid, or failed validation.
401Unauthorized — API key is missing or invalid.
403Forbidden — you do not have access to this resource.
404Not found — the job or certificate does not exist.
429Rate limit exceeded — see per-endpoint limits above.
500Internal server error — contact support if this persists.

8

CORS

All v1 endpoints support cross-origin requests. Preflight OPTIONS requests are handled on every endpoint and return HTTP 204.

EndpointCORS Headers
POST /api/v1/processAccess-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization
GET /api/v1/jobs/:jobIdAccess-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization
GET /api/v1/usageAccess-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Content-Type, Authorization
POST /api/v1/certificates/:certId/verify-hashAccess-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, OPTIONS Access-Control-Allow-Headers: Content-Type
Response headers (example)
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST, OPTIONS
Access-Control-Allow-Headers: Content-Type, Authorization
Cache-Control: no-store
Content-Type: application/json

9

Integration Flow

Follow these steps for a complete end-to-end integration with the VoSound Partner API.

1

Obtain an API key

API keys are issued by VoSound. Contact your account manager or VoSound staff to request access. Keys are prefixed with vsk_ and should be stored securely — treat them like passwords.

2

Submit a job

Send a POST request to /api/v1/process with your audio URL, genre pack ID, and an optional callbackUrl. The response immediately returns a jobId and pollUrl.

3

Track the job

Poll GET /api/v1/jobs/:jobId every 5–10 seconds until status is no longer QUEUED or RUNNING. If you registered a callbackUrl, a webhook will also fire when the job reaches a terminal state. Always implement polling as a fallback — webhook delivery is best-effort and not guaranteed.

4

Handle the result

On SUCCEEDED, the response includes a certificateId and verifyUrl. Use verifyUrl to share a public proof-of-processing page, or call the verification endpoint to machine-check the output hash. On FAILED or CANCELLED, no certificate is issued.

5

Verify the output (optional)

If you have the SHA-256 hash of the processed output file, call POST /api/v1/certificates/:certId/verify-hash to confirm it matches the certificate on record. No API key required for this endpoint.

6

Monitor your usage (optional)

Call GET /api/v1/usage with your API key to view a 30-day job summary and a list of your most recent jobs. Use ?limit to control how many are returned (default 10, max 25). Useful for auditing outputs and tracking certificate issuance.

Complete Example Flow

Try with curl
curl -X POST https://vosound.com/api/v1/process \
  -H "Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "audioUrl": "https://partner.example.com/tracks/session-12.wav",
    "genrePackId": "clx123abc",
    "callbackUrl": "https://partner.example.com/webhooks/vosound"
  }'
Response — 200 OKstore the jobId
{
  "jobId": "clxxxxxxxxxxxxxxxxx",
  "status": "QUEUED",
  "pollUrl": "/api/v1/jobs/clxxxxxxxxxxxxxxxxx"
}
Try with curl
curl https://vosound.com/api/v1/jobs/clxxxxxxxxxxxxxxxxx \
  -H "Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx"
Response — 200 OK — SUCCEEDED
{
  "jobId": "clxxxxxxxxxxxxxxxxx",
  "status": "SUCCEEDED",
  "createdAt": "2026-03-24T10:00:00.000Z",
  "completedAt": "2026-03-24T10:02:34.000Z",
  "certificateId": "VSC-A1B2C3D4",
  "verifyUrl": "https://verify.vosound.com/VSC-A1B2C3D4"
}
Webhook received at callbackUrl— simultaneous with or shortly after polling
POST https://partner.example.com/webhooks/vosound
Content-Type: application/json
User-Agent: vosound-webhook/1.0

{
  "event": "job.succeeded",
  "jobId": "clxxxxxxxxxxxxxxxxx",
  "status": "SUCCEEDED",
  "createdAt": "2026-03-24T10:00:00.000Z",
  "completedAt": "2026-03-24T10:02:34.000Z",
  "pollUrl": "/api/v1/jobs/clxxxxxxxxxxxxxxxxx",
  "certificateId": "VSC-A1B2C3D4",
  "verifyUrl": "https://verify.vosound.com/VSC-A1B2C3D4"
}
Try with curl
curl "https://vosound.com/api/v1/usage?limit=5" \
  -H "Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx"
Response — 200 OK30-day summary + recent jobs
{
  "last30Days": { "total": 42, "succeeded": 39, "failed": 2, "cancelled": 1 },
  "recentJobs": [
    {
      "jobId": "clxxxxxxxxxxxxxxxxx",
      "status": "SUCCEEDED",
      "createdAt": "2026-03-24T10:00:00.000Z",
      "completedAt": "2026-03-24T10:02:34.000Z",
      "certificateId": "VSC-A1B2C3D4",
      "verifyUrl": "https://verify.vosound.com/VSC-A1B2C3D4",
      "hasCallback": true
    }
  ]
}
Try with curl
curl -X POST \
  https://vosound.com/api/v1/certificates/VSC-A1B2C3D4/verify-hash \
  -H "Content-Type: application/json" \
  -d '{"sha256": "a3f1c2d4e5b6a7f8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2"}'
Response — 200 OK — match: true
{
  "verified": true,
  "match": true,
  "certHash": "a3f1c2d4e5b6a7f8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
  "providedHash": "a3f1c2d4e5b6a7f8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
  "meta": {
    "apiVersion": "1",
    "portalUrl": "https://verify.vosound.com/VSC-A1B2C3D4",
    "docsUrl": "https://vosound.com/docs/api"
  }
}

10

Best Practices

A minimal, correct integration uses polling as a primary signal and webhooks as an optional complement:

Minimal correct integration
// 1. Submit
const { jobId } = await submit({ audioUrl, genrePackId });

// 2. Poll until terminal
let job;
do {
  await sleep(5000);
  job = await poll(jobId);
} while (job.status === "QUEUED" || job.status === "RUNNING");

// 3. Handle result
if (job.status === "SUCCEEDED") useResult(job.certificateId, job.verifyUrl);
else handleFailure(job.status);

Always use HTTPS

Both audioUrl and callbackUrl must be HTTPS. Non-HTTPS values are rejected immediately with HTTP 400.

Validate your webhook endpoint

Make sure your callbackUrl is publicly reachable, returns a 2xx response promptly, and handles duplicate deliveries gracefully. Idempotency on your side prevents double-processing.

Store jobId immediately

Persist the jobId from the submission response before doing anything else. It is the only way to retrieve job status and is not re-issued.

Use polling and webhooks as complements

Webhooks are best-effort and may not be delivered in all failure scenarios. Always implement polling as a fallback to confirm final job state.

Handle retries on your side

v1 makes a single webhook delivery attempt. If delivery fails, poll GET /api/v1/jobs/:jobId to retrieve the terminal state and act accordingly.


11

Usage Endpoint

Retrieve a summary of your API activity: a 30-day aggregate and a list of your most recent jobs. Useful for monitoring your integration, auditing outputs, and tracking certificate issuance without logging into the dashboard.

GET/api/v1/usageRetrieve job summary and recent activity
API key required. Pass your key as Authorization: Bearer vsk_… on every request. Omitting or providing an invalid key returns HTTP 401.

Quick start

Try with curl
curl "https://vosound.com/api/v1/usage?limit=5" \
  -H "Authorization: Bearer vsk_xxxxxxxxxxxxxxxxx"

Query Parameters

FieldTypeRequiredDescription
limitintegeroptionalNumber of recent jobs to return. Default: 10. Maximum: 25.

Response — 200 OK

FieldTypeDescription
last30Days.totalintegerTotal jobs submitted by this key in the last 30 days.
last30Days.succeededintegerJobs that completed successfully.
last30Days.failedintegerJobs that encountered a processing error.
last30Days.cancelledintegerJobs cancelled before completion.
recentJobsarrayMost recent jobs, newest first. Length is controlled by the limit parameter.
recentJobs[].jobIdstringUnique job identifier.
recentJobs[].statusstringCurrent job status (QUEUED, RUNNING, SUCCEEDED, FAILED, CANCELLED).
recentJobs[].createdAtISO 8601When the job was submitted.
recentJobs[].completedAtISO 8601 | nullWhen the job reached a terminal state. Null while in progress.
recentJobs[].certificateIdstring | nullCertificate ID. Only present on SUCCEEDED jobs.
recentJobs[].verifyUrlstring | nullPublic verification URL. Only present on SUCCEEDED jobs.
recentJobs[].hasCallbackbooleanWhether a callbackUrl was registered for this job.
{
  "last30Days": {
    "total": 42,
    "succeeded": 39,
    "failed": 2,
    "cancelled": 1
  },
  "recentJobs": [
    {
      "jobId": "clxxxxxxxxxxxxxxxxx",
      "status": "SUCCEEDED",
      "createdAt": "2026-03-24T10:00:00.000Z",
      "completedAt": "2026-03-24T10:02:34.000Z",
      "certificateId": "VSC-A1B2C3D4",
      "verifyUrl": "https://verify.vosound.com/VSC-A1B2C3D4",
      "hasCallback": true
    },
    {
      "jobId": "clyyyyyyyyyyyyyyyyy",
      "status": "FAILED",
      "createdAt": "2026-03-23T08:10:00.000Z",
      "completedAt": "2026-03-23T08:11:02.000Z",
      "certificateId": null,
      "verifyUrl": null,
      "hasCallback": false
    }
  ]
}
Ownership enforcement — only jobs submitted by your API key appear in the response. Jobs belonging to other keys or submitted through the web app are never included.

VoSound Partner API — Patent Pending U.S. App. No. 64/015,963