Authentication
The API uses two authentication schemes depending on the endpoint.
API key (x-api-key)
Most render pipeline endpoints accept an API key.
bash
curl -H "x-api-key: YOUR_API_KEY" https://api.ilovevideoeditor.com/health/detailed- Get your key from Account > API Keys in the dashboard.
- The key is only displayed once.
- Rate limiting keys off the
x-api-keyheader when present, otherwise the client IP. - API keys start with
vf_live_.
Bearer token (Authorization)
User-scoped endpoints require a Supabase JWT.
bash
curl -H "Authorization: Bearer YOUR_JWT" https://api.ilovevideoeditor.com/v1/projectsThe token is issued after sign-in via Supabase Auth. SDKs and the dashboard handle refresh automatically.
Scope quick reference
| Endpoint | Scheme |
|---|---|
GET /health | none |
GET /health/detailed | API key |
POST /v1/render | API key or Bearer |
GET /v1/render/{id} | API key or Bearer |
GET /v1/templates | none |
GET /v1/templates/{id} | none |
/v1/projects/* | Bearer |
/v1/assets/* | Bearer |
/v1/team/* | Bearer (owner/admin for mutations) |
/v1/integrations/* | Bearer (owner/admin for mutations) |
/v1/destination | Bearer (owner/admin) |
/v1/tools/* | API key or Bearer |
/billing/* | Bearer |
/v1/admin/* | x-admin-secret |
401 and 403 responses
401 Unauthorized— missing or invalid credentials.403 Forbidden— valid credentials but insufficient scope (e.g., a member trying to invite users).429 Too Many Requests— rate limit hit. Default is 100 requests per minute per API key or IP.
Rotating keys
- Create a new key in the dashboard.
- Update your application to use the new key.
- Delete the old key.
There is no automatic rotation; do it manually from the dashboard.