Skip to main content
Every request to the TranscriptMagic API requires an API key, passed in the Authorization header. Each successful call deducts 1 credit from your account balance.

The header

Authorization: Bearer sk_live_your_api_key_here
That’s the whole protocol. No OAuth dance, no signed requests, no nonces. All keys begin with the sk_live_ prefix.

Getting a key

Create, view, and rotate keys on the API keys page in the dashboard. You can have multiple active keys at once — useful for separating environments (staging vs. production) or scoping access to a specific service.

Rotation and revocation

Revocation is instant. The moment you delete a key in the dashboard, every in-flight request using it returns 401 Unauthorized. Recommended pattern for rotation:
  1. Create the new key.
  2. Deploy the new key to your environment.
  3. Confirm requests succeed with the new key — the cheapest test is GET /api/balance, which validates the key without consuming a credit: 
    curl https://api.transcriptmagic.com/api/balance \
  -H "Authorization: Bearer sk_live_your_new_key"
  4. Delete the old key.

What requires auth

Every endpoint under /api/ requires a valid bearer token starting with sk_live_. Requests without the header (or with a non-sk_live_ token) fall through to the anonymous code path and return 400 for missing device ID. Requests with a malformed or revoked sk_live_ key return 401 Unauthorized with body: 
{ "error": "Invalid API key" }
Once authenticated, requests against an account with no remaining credits return 403 Forbidden: 
{
  "error": "no_credits",
  "credits": 0,
  "message": "Out of credits. Please upgrade to continue."
}
Note that the error field is the machine-readable slug "no_credits", not a sentence — match on it programmatically. See errors for the full list.

Treat keys like secrets

API keys grant access to your credit balance. Keep them out of client-side code, public repos, and screenshots. Use environment variables or a secret manager. If you suspect a key is compromised, delete it immediately in the dashboard and create a new one.