API keys

Creating, storing, and rotating Pipevideo API keys.

Creating keys

  1. Sign in to pipevideo.co.
  2. Open API Keys.
  3. Click Create Key, name it, and copy the value immediately.

Keys are prefixed with pv_ so they are easy to spot in logs and secret scanners. The full key is shown only once at creation.

Authentication

Pass your key as a Bearer token on every authenticated request:

Authorization: Bearer pv_your_api_key

See Authentication for details.

Storage

Treat API keys like passwords:

  • Store them in a secret manager (AWS Secrets Manager, HashiCorp Vault, Doppler, etc.).
  • Never commit keys to version control.
  • Never embed keys in client-side code for public applications — route requests through your backend.

Rotation

Rotate keys on a regular schedule and immediately after suspected compromise:

  1. Create a new key in the dashboard.
  2. Update your services to use the new key.
  3. Revoke the old key.

Revoking a key takes effect immediately — in-flight requests using the old key will fail with 401.

Least privilege

Issue separate keys per service or environment (production, staging, development) so revocation is surgical. Name keys descriptively (e.g. prod-video-service, staging-ci).

Optional expiration

When creating a key, you can set an expiration date. Expired keys return 401 API key has expired.

Rate limits

Each API key is rate-limited to 100 requests per minute. See Rate limits.

Usage

Monitor consumption, token usage, and costs across your organization.

Dashboard sign-in

Sign in to the Pipevideo dashboard with email, OAuth, or organization invites.

On this page

Creating keysAuthenticationStorageRotationLeast privilegeOptional expirationRate limits