π Authentication
All Scriptix APIs authenticate with a single header:
| Header | Value | Notes |
|---|---|---|
x-zoom-s2t-key | <your_api_key> | Required for all API communication |
Where to get your API keyβ
Create and manage API tokens in the Scriptix Dashboard. When creating a token, choose the type that matches your integration:
- Batch β for file-based processing over HTTPS using TUS
- Realtime β for streaming over WebSocket
Use the tokenβs key value in the x-zoom-s2t-key header.
TUS protocol details: tus.io β’ Client implementations: tus.io/implementations
π Securityβ
- Keep tokens secret (do not expose in frontend code or repos).
- Store tokens in server-side environment variables.
- Rotate or revoke tokens as needed.
π Token Typesβ
There are two types of API tokens in the Scriptix ecosystem:
1. Reseller Tokenβ
Used by partners who manage multiple customers. With a reseller token, you can:
- Create and manage customers
- Generate individual customer tokens
- Track usage across your client base
2. Customer Tokenβ
Issued by resellers and tied to an individual customer or integration. Use this token when uploading or streaming audio on behalf of a specific customer.
π‘ Best Practice: Always use customer tokens for end-user transcription jobs to ensure clean usage tracking.
You can generate tokens via the Scriptix Dashboard.
πΌοΈ Example: API Keys Pageβ
π Managing Your Tokensβ
You can create and manage your API tokens in:
- API Keys β create batch or realtime tokens.
- Reseller Dashboard > Customers, open the API Keys tab.
Pattern:
https://scriptix.app/reseller/<customer_id>?tab=2
Example: scriptix.app/reseller/12345?tab=2β
π Security Best Practicesβ
- Keep tokens secret: Treat them like passwords. Never expose them in frontend code or public repos.
- Use environment variables: Store and load tokens securely in your backend or CI/CD environments.
- Rotate tokens: Regularly regenerate and update tokens to minimize long-term risk.
- Use one token per customer: It ensures clean billing and debugging.
- Set appropriate permissions (when supported): Limit token scope to the minimum necessary actions.
β Next Stepsβ
Need help? Reach out to support via the dashboard or your account manager.