Video management
API key management

API key management

Introduction

In our service, API keys are essential tools that allow different levels of access and control over your account and resources. Whether you're delegating upload permissions to end users or managing the entire service as an administrator, understanding how to create and manage API keys is crucial. This guide will help you manage tokens effectively, focusing on two types of API keys: Upload-Only and Full Access.

Types of API keys

We offer two types of API keys, each designed for specific use cases:

1. Upload-Only API key

  • Purpose: This key is intended for end users who need to upload videos to your account but should not have access to other functionalities.
  • Permissions:
    • Upload videos: Users can only upload content.
    • Restricted access: Users cannot manage videos, delete content, or access other areas of your account.
  • Use Case: Ideal for scenarios where you want to delegate upload capabilities without compromising the security or control of your account.

2. Full access API key

  • Purpose: This key is for administrators who require full control over the account and its resources.
  • Permissions:
    • Manage videos: Full access to upload, delete, edit, and manage all video content.
    • Manage API keys: Ability to create, update, and delete other API keys.
    • Full service access: Access to all features and settings within the service.
  • Use Case: Best suited for internal use by admins or trusted personnel who need comprehensive control over the account.

Creating API keys

When creating an API keys, you will need to provide the following inputs:

1. Name

  • Description: A descriptive name for the API key, which helps you identify its purpose or the user it’s assigned to.
  • Example: "User Upload Key," "Admin Full Access Key."

2. Role

  • Description: Select the role associated with the API key. This determines the level of access the key provides.
  • Options:
    • Upload-Only: Limits the key to upload functions only.
    • Full Access: Grants full control over the account and its resources.

3. Expiration time

  • Description: Set an expiration time for the API key. This defines how long the key will remain valid.
  • For security purposes, it's advisable to set expiration times for keys that are not intended for long-term use.

Managing API keys

Deleting API keys

  • Purpose: Delete API keys that are no longer needed or have been compromised.
  • Considerations: Deleting an API key immediately revokes access for any users or applications relying on it.

Security best practices

  • Use Specific Roles: Always use the most restrictive role necessary for a given use case to minimize security risks.
  • Set Expiration Dates: For API keys used in temporary contexts, always set an expiration date.
  • Rotate Keys Regularly: Periodically regenerate and replace API keys to reduce the risk of unauthorized access.
  • Keep Secret Tokens Secure: Never expose your secret tokens in client-side code or publicly accessible environments.

Conclusion

API keys are a powerful tool for managing access to your account and resources. By understanding and implementing the appropriate types of API keys, you can delegate upload capabilities securely and maintain full control over your service. Regularly reviewing and managing your API keys will ensure that your account remains secure while providing the necessary access for your users and administrators.

PreviousVideo conversion and chunkingNextWebhooks