Features Pricing Docs
Get API Key

Authentication

Secure your API requests with API keys.

API Keys

API keys authenticate all requests to the VideoConduit API. You can create and manage keys from your API Keys dashboard. Keys use the vc_ prefix for easy identification. The full key is displayed only once at creation — store it securely before closing the dialog.

Making Authenticated Requests

Include your API key in the Authorization header using the Bearer scheme:

Authorization: Bearer vc_your_api_key
curl "https://videoconduit.com/v1/info?url=..." \
  -H "Authorization: Bearer vc_your_api_key"
import requests

headers = {"Authorization": "Bearer vc_your_api_key"}
response = requests.get("https://videoconduit.com/v1/info", headers=headers)
const response = await fetch("https://videoconduit.com/v1/info?url=...", {
  headers: { "Authorization": "Bearer vc_your_api_key" },
});
$client = new GuzzleHttp\Client();
$response = $client->get("https://videoconduit.com/v1/info", [
    "headers" => ["Authorization" => "Bearer vc_your_api_key"],
]);
req, _ := http.NewRequest("GET", "https://videoconduit.com/v1/info?url=...", nil)
req.Header.Set("Authorization", "Bearer vc_your_api_key")
resp, _ := http.DefaultClient.Do(req)
require "net/http"

uri = URI("https://videoconduit.com/v1/info?url=...")
req = Net::HTTP::Get.new(uri)
req["Authorization"] = "Bearer vc_your_api_key"
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: true) { |http| http.request(req) }

API Key Security

API keys grant full access to your account's credits and data, so treat them like passwords. Store keys in environment variables or a secrets manager — never hard-code them in source files or commit them to version control. Rotate keys periodically, and revoke any key immediately if you suspect it has been compromised.

Each key can be given a descriptive name (e.g. "Production", "Staging", "Local Dev") to help you track where each key is used. Keys can be deactivated without deletion, which lets you temporarily disable access without losing the key's usage history.

Never Expose Keys Client-Side

Never expose API keys in client-side JavaScript, mobile apps, or public repositories. API calls should always be made from your backend server.

Managing Keys

The API Keys dashboard lets you create new keys, name them for identification, deactivate keys to temporarily suspend access, and permanently delete keys you no longer need. The key prefix (first 8 characters) is visible in the dashboard so you can identify which key is which, but the full key is only shown once at creation.

Error Responses

Authentication failures return standard HTTP error codes:

401 Unauthorized

Returned when the API key is missing, malformed, or does not match any active key.

{
  "detail": "Invalid or missing API key"
}

403 Forbidden

Returned when the API key exists but has been deactivated.

{
  "detail": "API key is deactivated"
}

See Error Codes for a complete reference of all error responses.

← Quickstart Info Endpoint →

This site uses only essential cookies required for the service to function (session authentication and security). We do not use analytics, tracking, or advertising cookies. Learn more