API Keys
API keys enable programmatic access to Scriptix services. This guide covers creating, managing, and using API tokens securely.
Understanding API Keys
What Are API Keys:
- Authentication tokens for API access
- Allow applications to use Scriptix programmatically
- Alternative to user login
- Scoped permissions for security
Use Cases:
- Automate transcription workflows
- Integrate Scriptix into your application
- Batch process audio files
- Build custom tools and integrations
API Token Types:
- Batch: Upload and store audio, then process
- Realtime: Process audio streams as they arrive
Accessing API Key Management
Navigation:
- Log in to Scriptix
- Navigate to Settings or Profile
- Click API Keys tab or menu item
- API Keys page opens
What You'll See:
- List of existing API tokens
- "Create API Key" button
- Token details grid
- Actions for each token
Creating API Tokens
Step 1: Click Create Button
- Click "Create API Key" or "New Token" button
- Modal opens with creation form
Step 2: Configure Token
Token Name (Required):
- Descriptive identifier for token
- Help you remember purpose
- Example: "Production Integration", "Testing Environment"
Token Type (Required):
Batch:
- Upload audio files first
- Store in Scriptix
- Process when ready
- Best for: Workflow automation, scheduled jobs
Realtime:
- Process audio streams live
- Immediate transcription
- Best for: Live captioning, real-time applications
Expiration Period (Required):
- 1 Year - Short-term projects
- 2 Years - Medium-term integrations
- 5 Years - Long-term production use
Form Example:
Token Name: [Production App Integration_______]
Token Type: ⚫ Batch ⚪ Realtime
Expiration: ⚪ 1 Year ⚫ 2 Years ⚪ 5 Years
[Cancel] [Create Token]
Step 3: Create and Copy Token
After Creation:
- Token generated immediately
- Token key displayed in modal
- Copy token to clipboard (automatic or manual)
- Critical: Save token securely NOW
- Token won't be shown again
Token Display:
✅ API Token Created Successfully!
Token Key: sk_live_abc123def456ghi789jkl012mno345pqr678
⚠️ Important: Copy this token now. You won't be able to see it again!
[Copy to Clipboard] [Close]
Storage:
- Save in password manager
- Store in secure environment variables
- Never commit to version control
- Treat like a password
Managing API Tokens
View All Tokens
Token List Display:
| Column | Information |
|---|---|
| Token ID | Unique identifier |
| Token Name | Your descriptive name |
| Token Type | Batch or Realtime |
| Expiration | Expiration date |
| Actions | Delete button |
Token Key:
- Masked after creation (not re-displayable)
- Cannot retrieve lost tokens
- Must create new if lost
Token Details
Information Shown:
- Token ID number
- Token name
- Type (Batch/Realtime)
- Expiration date
- Created date (implicitly via system)
Cannot Edit:
- Token name after creation
- Token type
- Expiration period
- Token key
To Change:
- Create new token with desired settings
- Update integration to use new token
- Delete old token
Delete/Revoke Tokens
When to Delete:
- Token compromised or exposed
- Integration no longer used
- Expired or expiring soon
- Testing token no longer needed
How to Delete:
- Find token in list
- Click Delete button
- Confirmation dialog appears
- Confirm deletion
- Token immediately revoked
Who Can Delete:
- Organization admins
- Users with developer role
- Token creator (typically)
Effect of Deletion:
- Token stops working immediately
- API requests with token fail
- Applications using token cannot authenticate
- Cannot be undone
Before Deleting:
- Verify no active integrations using token
- Update applications with replacement token
- Notify team members if shared token
Using API Tokens
API Authentication
How to Use Token:
HTTP Header:
Authorization: Bearer YOUR_API_TOKEN_HERE
Example API Request:
curl -X POST https://api.scriptix.io/api/v3/speech-to-text \
-H "Authorization: Bearer sk_live_abc123..." \
-F "file=@audio.mp3" \
-F "language=en"
Programming Example (JavaScript):
const axios = require('axios');
const token = 'sk_live_abc123...'; // From environment variable
axios.post('https://api.scriptix.io/api/v3/speech-to-text',
formData,
{
headers: {
'Authorization': `Bearer ${token}`,
'Content-Type': 'multipart/form-data'
}
}
)
.then(response => console.log(response.data))
.catch(error => console.error(error));
API Documentation
Access Documentation:
- Check Scriptix API documentation
- Endpoint references
- Authentication guides
- Code examples
- SDKs and libraries
Common Endpoints:
/api/v3/speech-to-text- Upload and transcribe/api/v3/sessions- Manage sessions/api/v3/documents- Access transcripts- See full API docs for complete list
Token Types in Practice
Batch Token Usage:
1. Upload audio file
2. Receive session ID
3. Poll for completion
4. Download transcript
Realtime Token Usage:
1. Open streaming connection
2. Send audio chunks
3. Receive transcript fragments
4. Close connection when done
API Key Security
Best Practices
Storage:
✅ Secure:
- Environment variables (production)
- Secret management services (AWS Secrets Manager, Azure Key Vault)
- Password managers (development)
- Encrypted configuration files
❌ Never:
- Hardcode in source code
- Commit to Git repositories
- Share via email or chat
- Store in plain text files
- Display in UI or logs
Access Control:
- Limit who has access to tokens
- Use separate tokens per environment (dev, staging, prod)
- Rotate tokens periodically
- Revoke immediately if compromised
Environment Variables:
# .env file (add to .gitignore!)
SCRIPTIX_API_TOKEN=sk_live_abc123...
# Usage in code
const token = process.env.SCRIPTIX_API_TOKEN;
Never Expose:
- Don't log API tokens
- Don't display in error messages
- Don't send in URLs or query parameters
- Don't include in screenshots
Token Rotation
Regular Rotation:
- Rotate tokens annually or quarterly
- Create new token before expiration
- Update all integrations
- Delete old token after transition
Rotation Process:
1. Create new API token
2. Update staging environment
3. Test thoroughly
4. Update production environment
5. Monitor for issues
6. Delete old token after 1-2 weeks
Emergency Rotation:
- If token exposed publicly (GitHub, logs, etc.)
- Create new token immediately
- Update production ASAP
- Revoke compromised token
- Monitor for unauthorized usage
Monitoring Token Usage
Check for:
- Unusual API request patterns
- Requests from unexpected IPs
- High volume spikes
- Failed authentication attempts
If Suspicious Activity:
- Revoke token immediately
- Create new token
- Update integrations
- Review security logs
- Contact support if needed
Troubleshooting
Token Not Working
Problem: API requests return 401 Unauthorized
Possible Causes:
- Token copied incorrectly (missing characters)
- Token expired
- Token revoked
- Wrong authorization header format
Solutions:
- Verify entire token copied (check for truncation)
- Check expiration date in token list
- Ensure using
Authorization: Bearer TOKENformat - Create new token if expired
Can't Create Token
Problem: Create button disabled or error message
Possible Causes:
- Insufficient permissions (not admin or developer role)
- Organization limit reached
- Account issue
Solutions:
- Contact organization admin for role permissions
- Delete unused tokens to free up slots
- Verify account status
- Contact support
Token Deleted Accidentally
Problem: Deleted wrong token, production broken
Solutions:
- No recovery possible for deleted tokens
- Create new token immediately
- Update production with new token
- Implement emergency deployment process
- Test new token before full rollout
API Token Limits
Per Organization
Typical Limits:
- No hard limit on number of tokens (platform-dependent)
- Reasonable usage expected
- Monitor and delete unused tokens
Best Practices:
- Create separate tokens per integration
- Don't reuse tokens across environments
- Delete tokens when projects end
Rate Limiting
API Rate Limits:
- Based on subscription plan
- Documented in API documentation
- Monitor usage to avoid limits
- Implement retry logic in integrations
If Rate Limited:
- Reduce request frequency
- Batch operations where possible
- Upgrade plan for higher limits
- Contact support for custom limits
Integration Examples
Python Integration
import requests
import os
API_TOKEN = os.getenv('SCRIPTIX_API_TOKEN')
API_URL = 'https://api.scriptix.io/api/v3'
headers = {
'Authorization': f'Bearer {API_TOKEN}'
}
# Upload file for transcription
files = {'file': open('audio.mp3', 'rb')}
data = {'language': 'en', 'document_type': 'document'}
response = requests.post(
f'{API_URL}/speech-to-text',
headers=headers,
files=files,
data=data
)
session_id = response.json()['session_id']
print(f'Session ID: {session_id}')
Node.js Integration
require('dotenv').config();
const axios = require('axios');
const FormData = require('form-data');
const fs = require('fs');
const API_TOKEN = process.env.SCRIPTIX_API_TOKEN;
const API_URL = 'https://api.scriptix.io/api/v3';
async function transcribe(audioPath) {
const form = new FormData();
form.append('file', fs.createReadStream(audioPath));
form.append('language', 'en');
const response = await axios.post(
`${API_URL}/speech-to-text`,
form,
{
headers: {
...form.getHeaders(),
'Authorization': `Bearer ${API_TOKEN}`
}
}
);
return response.data.session_id;
}
transcribe('audio.mp3')
.then(sessionId => console.log('Session ID:', sessionId))
.catch(error => console.error('Error:', error));
Next Steps
Complete your integration:
- API Documentation - Full API reference
- Profile Settings - Manage account security
- Billing & Subscription - API usage and billing
- Usage & Limits - Monitor API usage
Integrate securely! Create API tokens to build powerful integrations while maintaining security best practices.