**Source URL:** https://general.veevavault.dev/sitevault/vault-api/references/client-id.md



For additional tracking purposes, every Vault API call will accept an
optional client ID to represent an external integration client.
You can provide this data inside a query parameter called `client_id` or HTTP
header called `X-VaultAPI-ClientID`.
If a client ID is included as both a HTTP header and query parameter, Vault ignores the HTTP Header.

Vault API will record the client ID value for each API call. This ID appears in the **API Usage Logs**, which you can download through the [UI](https://platform.veevavault.help/en/gr/14341) and [API](/vault-api/api-reference/26.1/logs/download-daily-api-usage). If an API request does not include a client ID, the value will appear as `unknown` in the API Usage Log. The API Usage Log is only available in v18.1+, but client ID can be included in requests for all versions of Vault API.

## Client ID Filtering {#Client_ID_Filtering}

When configuring inbound *External Connections*, we recommend Vault Admins enable *Client ID Filtering* to allow only known, trusted client IDs to connect to Vault through an external connection. Admins can enable this setting in the Vault UI from **Admin > Settings > General Settings**.

Once Client ID Filtering is enabled, Vault will reject API requests originating with a client ID that does not match an active *Connection* in the Vault. A Vault Admin can configure each connection with multiple client IDs. By default, each connection has a client ID in the format `veeva-vault-{connection api_name__sys}`, but this ID may vary by organization if reconfigured by your Vault Admin. If an API request is associated with an external connection, you can retrieve the connection’s `api_name__sys` from the `X-VaultAPI-Connection` header.

## Format {#format}

A valid client ID must be an alphanumeric string with a maximum of 100 characters. A client ID can be mixed-case and the only special characters allowed are periods `.`, underscores `_`, and hyphens `-`. If an API request includes an invalid client ID, the value will appear as `invalid_client_id` in the API Usage Log.

To avoid clashing with other integrations or client applications running on Vault, we recommend that you format your client ID as follows:

`{company}-{organization}-{component/team}-{server | client}-{program}`

For example, the Vault Loader team client ID could be:

`veeva-vault-tools-server-loader`



---

**Previous:** [TLS Supported Cipher Suites](/sitevault/vault-api/references/tls)  
**Next:** [Safety JSON Reference](/sitevault/vault-api/references/safety)