Authentication

The API uses two authentication schemes depending on the endpoint.

API key (x-api-key)

Most render pipeline endpoints accept an API key.

curl -H "x-api-key: YOUR_API_KEY" https://api.ilovevideoeditor.com/health/detailed

  • Get your key from Account > API Keys in the dashboard.
  • The key is only displayed once.
  • Rate limiting is keyed on the x-api-key header when present, otherwise on the client IP.
  • API keys start with vf_live_.

Bearer token (Authorization)

User-scoped endpoints require a Supabase JWT.

curl -H "Authorization: Bearer YOUR_JWT" https://api.ilovevideoeditor.com/v1/projects

The token is issued after sign-in via Supabase Auth. SDKs and the dashboard handle refresh automatically.

Scope quick reference

| Endpoint | Scheme |
|---|---|
| GET /health | none |
| GET /health/detailed | API key |
| POST /v1/render | API key or Bearer |
| GET /v1/render/{id} | API key or Bearer |
| GET /v1/templates | none |
| GET /v1/templates/{id} | none |
| /v1/projects/* | Bearer |
| /v1/assets/* | Bearer |
| /v1/team/* | Bearer (owner/admin for mutations) |
| /v1/integrations/* | Bearer (owner/admin for mutations) |
| /v1/destination | Bearer (owner/admin) |
| /v1/tools/* | API key or Bearer |
| /billing/* | Bearer |
| /v1/admin/* | x-admin-secret |

401 and 403 responses

  • 401 Unauthorized — missing or invalid credentials.
  • 403 Forbidden — valid credentials but insufficient scope (e.g., a member trying to invite users).
  • 429 Too Many Requests — rate limit hit. Default is 100 requests per minute per API key or IP.

Rotating keys

  1. Create a new key in the dashboard.
  2. Update your application to use the new key.
  3. Delete the old key.

There is no automatic rotation; do it manually from the dashboard.
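
The following is an added example, not code from these docs or from the service's SDKs: a client wrapper for the window between steps 2 and 3, built on the status meanings listed above. It tries the new key first, falls back to the old key only on 401, stops on 403, and backs off on 429. The function names, retry count and backoff values are assumptions; only the host, the x-api-key header and the status semantics come from this page.

```python
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.ilovevideoeditor.com"  # host shown on this page


def http_status(path, api_key):
    """GET path with the x-api-key header; return only the HTTP status code."""
    req = urllib.request.Request(BASE_URL + path, headers={"x-api-key": api_key})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
        return err.code


def call_with_rotation(path, keys, send=http_status, max_retries=3,
                       backoff=1.0, sleep=time.sleep):
    """Try keys in order (new key first, old key last).

    Returns (status, index of the key that produced it). An index above 0
    means the new key was rejected, so the old key must not be deleted yet.
    """
    status, used = None, None
    for used, key in enumerate(keys):
        for attempt in range(max_retries + 1):
            status = send(path, key)
            if status != 429 or attempt == max_retries:
                break
            sleep(backoff * 2 ** attempt)  # 429: wait, then retry the same key
        if status != 401:
            # 2xx, 403 (credentials accepted, so not a rotation problem) or a
            # persistent 429: report it instead of trying the next key.
            return status, used
    return status, used  # every key answered 401
```

Load the keys from a secret store or environment variables rather than source code, and proceed to step 3 only after every call has been returning index 0.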

Released under the MIT License.