Auth & Keys

Vidbyte API keys are account-scoped credentials for the public API. Create them in settings, store them safely, and send them with every request from a trusted server environment.

Create and store

Vidbyte only shows the plaintext key at creation time. Treat that like any other production secret workflow: copy it once, move it into your local environment or deployment secrets, and never rely on being able to recover it from the UI later.

If a key is lost, rotate it. Do not build workflows that depend on re-reading the original plaintext value.

Open API key settings

Send headers

Both header formats hit the same authentication middleware, so the choice is mostly ergonomic. Bearer tokens fit better in standardized HTTP clients, while `x-api-key` can be simpler in internal tools or quick shell experiments.

Headers

Auth headers

Authorization: Bearer vb_live_your_api_key
x-api-key: vb_live_your_api_key
Content-Type: application/json

Keep keys server-side

Keep API keys in server-side environments, edge configuration, CI secrets, or another trusted secret manager. Do not embed them in shipped frontend bundles or expose them in browser storage if the caller does not need direct API access.

If your application needs browser-driven actions, proxy through your backend and let your backend own the Vidbyte credential.