Authentication

How to sign API requests.

Every request to /v1/* must include an Authorization: Bearer … header carrying a key minted in Profile → API Access.

Authorization: Bearer utf_live_a1b2c3d4e5f6g7h8i9j0k1l2

Key shape

• utf_live_… - production key, deducts credits.
• utf_test_… - sandbox key, no credit cost, returns synthetic results.

Storing keys

Scopes

Limit what each key can do. Available scopes:

• * - all endpoints
• video:write, video:read
• audio:write, audio:read
• image:write, image:read
• uploads:write
• drops:write, drops:read

IP allowlist

Restrict the source IPs that can use a key. Supports IPv4 addresses and CIDR ranges (e.g. 10.0.0.0/8). An empty list allows any IP.

Rotation

Rotating mints a new key with the same metadata; the old key keeps working for 24 hours so you can deploy. Revocation takes effect immediately.