Skip to content
RouteSignalDeveloper portalStart integrating
Docs/API keys & security
Integration securityAvailable

Keep credentials scoped and server-side

Create narrowly scoped keys, store tokens once, and treat every client-visible environment as untrusted.

Built forIntegration teams
#

Key lifecycle

  • Create keys only from the authenticated owner workflow.
  • Request only the scopes your integration needs; conversion ingestion requires conversion:write.
  • The complete token is returned only at creation. Store it in a server-side secret store.
  • Listings expose metadata and prefix only, never the token or hash.
  • Revoke a key immediately when ownership or storage integrity changes.
#

Request security

Send keys in the Authorization: Bearer header over HTTPS. Never place keys in URLs, browser bundles, analytics events, screenshots, or client-side storage.