Skip to main content

Virtual staging authorization

In order to restrict access to a virtual staging environment (VSE), you can either set the VSE up with a whitelist, or use preview keys. A whitelist is used to restrict access to a set of IP addresses, while when using preview keys, access to the VSE is authorised using a token included in the header of a content or media request. You can also use a preview key to generate credentials for use in client side requests.

Whitelists
Link copied!

A VSE is generally set up for you by Amplience Support, and each VSE will use a whitelist associated with it. If anyone with an IP address outside the range of addresses specified in this whitelist requests content or media from the VSE, then the request will be blocked.

The IP addresses in the whitelist are specified using CIDR notation.

In the example below, access to the VSE is restricted to the specified IP addresses.

Setting up a whitelist

For more information see the whitelists page.

Preview keys
Link copied!

Preview keys are generated by developers using the GraphQL Asset Management API and are associated with an organization and a VSE. A preview key is included in the "X-API" header of a VSE request to authorize access to content or media.

You can create preview keys within your own code, or by using the Graph QL playground. An example query showing information about a preview key, including its expiry date, whether it's enabled, and the VSE it's associated with, is shown in the image below.

Getting the details of a preview key in the GraphQL playground

For more information about creating and managing preview keys see the preview keys page.

When using the preview key method of authorization, you can request that Amplience Support sets up a VSE for you with no whitelist.

Creating VSEs for use with preview keys

Only VSEs created on or after 1st November 2025 support the use of preview keys.

Client side signing
Link copied!

Preview keys are intended for use in server side integrations where the key can be kept secure.

Signed URLs provide a way of authorizing access to content and media in a Virtual Staging Environment (VSE) from client side code. Using the signing service, developers can create a signing key from an existing preview key. This signing key is used to create credentials which are used to sign client side requests for content and media.

See client side signing for more details.

Whitelists

Preview keys

Client side signing

Dynamic Content and virtual staging

Virtual staging- assets and media