> ## Documentation Index
> Fetch the complete documentation index at: https://docs.viddyscribe.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Learn how to authenticate your API requests

## API Key Authentication

All ViddyScribe Enterprise API endpoints require authentication using an API key passed in the `X-API-Key` header.

<Note>
  API keys are sensitive credentials. Keep them secure and never commit them to version control.
</Note>

## Getting Your API Key

Get in touch at [hello@viddyscribe.com](mailto:hello@viddyscribe.com) to obtain a plan and your API key.

Your API key will look like this:

```
vsk_abc123def456ghi789jkl012mno345pqr678stu901vwx234yz (THIS IS A SAMPLE)
```

## Making Authenticated Requests

Include your API key in the `X-API-Key` header with every request. The example below polls `/get_results` for a job — the same `X-API-Key` header works on every other endpoint (`/upload_media`, `/generate_ad_text`, `/generate_ad_audio`, `/generate_ad_video`, etc.):

<CodeGroup>
  ```bash cURL theme={null}
  curl -X GET https://api.viddyscribe.com/enterprise/api/get_results?job_id=task_123 \
    -H "X-API-Key: vsk_your_api_key_here"
  ```

  ```python Python theme={null}
  import requests

  headers = {
      "X-API-Key": "vsk_your_api_key_here"
  }

  response = requests.get(
      "https://api.viddyscribe.com/enterprise/api/get_results",
      headers=headers,
      params={"job_id": "task_123"}
  )
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch(
    'https://api.viddyscribe.com/enterprise/api/get_results?job_id=task_123',
    {
      headers: {
        'X-API-Key': 'vsk_your_api_key_here'
      }
    }
  );
  ```

  ```go Go theme={null}
  client := &http.Client{}
  req, _ := http.NewRequest("GET",
    "https://api.viddyscribe.com/enterprise/api/get_results?job_id=task_123",
    nil)
  req.Header.Add("X-API-Key", "vsk_your_api_key_here")
  resp, _ := client.Do(req)
  ```
</CodeGroup>

## Authentication Errors

A missing or invalid API key returns `401 Unauthorized` with `error: "unauthorized"`. For the full list of error codes (auth, plan limits, rate limits, upload state, job failures), see [API Reference > Error Codes](/api-reference/overview#error-codes).

## Best Practices

<AccordionGroup>
  <Accordion title="Store API Keys Securely" icon="lock">
    * Use environment variables
    * Never hardcode keys in your source code
    * Don't commit keys to version control
    * Use secret management services (AWS Secrets Manager, HashiCorp Vault, etc.)
  </Accordion>

  <Accordion title="Rotate Keys Regularly" icon="rotate">
    Periodically rotate your API keys to minimize security risks. Contact your admin to generate new keys.
  </Accordion>

  <Accordion title="Use Different Keys for Environments" icon="layer-group">
    Use separate API keys for development, staging, and production environments.
  </Accordion>

  <Accordion title="Monitor Usage" icon="chart-line">
    Keep track of your API usage to avoid hitting rate limits unexpectedly.
  </Accordion>
</AccordionGroup>