API Keys
API Keys
API keys are the primary method for authenticating with the HesedVid API. They provide secure, programmatic access to your HesedVid resources.
Tip
API keys are created and managed through the HesedVid dashboard, not programmatically through the API.
Overview
API keys allow you to authenticate API requests without requiring user sessions. They’re perfect for:
- Server-to-server communication
- Automated scripts and tools
- CI/CD pipelines
- Third-party integrations
Authentication
Include your API key in the X-Api-Key header for all API requests:
curl -X GET "https://api.hesedvid.com/v1/api/{orgID}/videos" \ -H "X-Api-Key: hv_live_123456789abcdefghijklmnopqrstuvwxyz"const response = await fetch('https://api.hesedvid.com/v1/api/{orgID}/videos', { headers: { 'X-Api-Key': 'hv_live_123456789abcdefghijklmnopqrstuvwxyz', 'Content-Type': 'application/json' }});API Key Types
HesedVid supports different types of API keys with varying access levels:
| Key Type | Access Level | Use Case |
|---|---|---|
| Environment-Specific | Single environment only | Production servers, specific apps |
| Full-Access | All environments | Administrative tasks, CI/CD |
| System | Cross-organization | Internal HesedVid services only |
Caution
Use environment-specific keys for production applications. Full-access keys should only be used for administrative tasks.
Key Format
API keys follow this format:
- Live keys:
hv_live_prefix (for production) - Test keys:
hv_test_prefix (for development) - Length: 32 characters after the prefix
Example: hv_live_123456789abcdefghijklmnopqrstuvwxyz
Security Best Practices
Store Securely
- Use environment variables
- Never commit to version control
- Use secure key management services
Use Appropriate Scopes
- Environment-specific for production
- Full-access only for admin tasks
- Rotate keys regularly
Monitor Usage
- Check API logs regularly
- Set up alerts for unusual activity
- Revoke compromised keys immediately
Never Expose Client-Side
- API keys should only be used server-side
- Use signed URLs for client-side video access
- Implement proper access controls
Error Handling
Common API key related errors:
| Error | Cause | Solution |
|---|---|---|
401 Unauthorized | Missing or invalid API key | Check X-Api-Key header |
403 Forbidden | Valid key, insufficient permissions | Use correct environment key |
429 Too Many Requests | Rate limit exceeded | Implement backoff strategy |
Rate Limiting
API key operations are rate-limited:
| Operation | Limit | Window |
|---|---|---|
| General API calls | 10,000 requests | 1 hour |
| Video operations | 1,000 requests | 1 hour |
| Analytics queries | 500 requests | 1 hour |
Rate limit information is included in response headers:
X-RateLimit-Limit: 10000X-RateLimit-Remaining: 9999X-RateLimit-Reset: 1640995200Getting Your API Keys
API keys are created and managed through the HesedVid dashboard:
- Log in to your HesedVid dashboard
- Navigate to Settings → API Keys
- Create a new key with appropriate permissions
- Copy the key immediately (it won’t be shown again)
- Store securely in your application
Note
You can create multiple API keys for different environments or applications. Each key can have different permissions and access levels.
Integration Examples
Node.js/Express
const express = require('express');const app = express();
app.get('/api/videos', async (req, res) => { try { const response = await fetch('https://api.hesedvid.com/v1/api/{orgID}/videos', { headers: { 'X-Api-Key': process.env.HESEDVID_API_KEY, 'Content-Type': 'application/json' } });
const data = await response.json(); res.json(data); } catch (error) { res.status(500).json({ error: 'Failed to fetch videos' }); }});Python
import osimport requests
def get_videos(): headers = { 'X-Api-Key': os.getenv('HESEDVID_API_KEY'), 'Content-Type': 'application/json' }
response = requests.get( 'https://api.hesedvid.com/v1/api/{orgID}/videos', headers=headers )
return response.json()cURL
# Set your API key as an environment variableexport HESEDVID_API_KEY="hv_live_123456789abcdefghijklmnopqrstuvwxyz"
# Use in requestscurl -X GET "https://api.hesedvid.com/v1/api/{orgID}/videos" \ -H "X-Api-Key: $HESEDVID_API_KEY" \ -H "Content-Type: application/json"Troubleshooting
Common Issues
Key not working:
- Verify the key is copied correctly
- Check if the key has expired
- Ensure you’re using the correct environment
Permission denied:
- Verify the key has access to the requested environment
- Check if the key type matches your use case
- Ensure the organization ID is correct
Rate limited:
- Implement exponential backoff
- Consider caching responses
- Contact support for higher limits
Testing Your Key
# Test API key validitycurl -I "https://api.hesedvid.com/v1/api/{orgID}/environments" \ -H "X-Api-Key: YOUR_API_KEY"
# Should return 200 OK if validWhat’s Next?
- Video Upload - Upload your first video
- Video Playback - Stream videos with your API key
- Analytics - Monitor usage and performance