Livepeer Studio

Get an API key

You need an API key to make requests of the Livepeer Studio API. You do not need to create an API key if you are creating and configuring live streams using only the Livepeer Studio Dashboard.

When you create a new API key, copy and secure the value displayed to you. This is the sole secret you will have to use when making requests to the Livepeer Studio API, so share and store it with caution.

Login to the Livepeer Studio Dashboard, and navigate to the API keys page within the Developers tab. On this page, you can manage your API keys including creating or deleting them and monitoring their usage.

Make sure you register Livepeer Studio Account and get an API Key

Api Guide 1

  • Click Create API Key

Api Guide 2

  • A popup should show up. Enter the name for your API key.

Api Guide 3

  • Click Create. Your dashboard should look like:

Api Guide 4

We currently allow you to reveal the secret of any existing API key but this behavior may change in the future, so make sure to persist the API key safely. If you ever forget an API key you'll always be able to delete it and create a new one anyway.

To use an API key, simply add an Authorization header to your request with the Bearer scheme and the API key as the value. Example:

curl -X GET \
  -H 'Authorization: Bearer {api_key}'
  https://livepeer.studio/api/user/me

By default, API keys can only be used from a backend server. This is to ensure maximum security and prevent that you accidentally expose your account by including the secret API key in some public web page.

However, if you are developing a frontend application and want to get started quickly with the API, you can also create an API key with CORS access enabled. API keys created with that option can be used from the browser, from any origin that you configure it for.

Note: An origin is just a combination of a scheme, likehttps, with a domain like example.com. You will also need to include the port number if you are using a non-standard port.
e.g.: http://localhost:8080 when developing locally on port 8080 or https://my.app.io after deploying it on a public domain.

To enable CORS, simply tick the Allow CORS access checkbox when creating your API key. You will then be prompted to add all the origins that you would like the API key to be used from:

image

We recommend that you add the minimal list of origins to your API key. Ideally also creating separate API keys to be used for development or production. At your own discretion, you can use the same API key for all your environments and allow all the origins for it. You can also just add the * special value to allow the key to be used from any origin.

Note: CORS is only a client-side check that browsers make and sometimes does not prevent the API from being called. It also does not prevent the API key from being used from other places like a backend or a custom client.

For an additional layer of security, we also limit the access of the CORS-enabled keys to the API. Continue reading for more information.

CORS-enabled API keys have restricted access to the API by default. This means that they are only allowed to call some specific endpoints of the API.

This is another intermediate security measure, so that even if a malicious actor snoops the API key from your web page they still won't be able access the most sensitive data in your account. For example, APIs that expose PIIs, payment information or list API resources created by other users are disallowed.

These are the main API endpoints that a restricted CORS API key will have access:

API GroupAPIdescription
LivePOST /api/streamCreate a new stream
LiveGET /api/stream/{id}Retrieve a stream by ID
LiveGET /api/stream/{id}/sessionsList sessions from a specific parent stream ID
LiveGET /api/session/{id}Retrieve a session by ID
LivePATCH /api/stream/{id}Update a specific stream by ID
VODPOST /api/asset/request-uploadCreate an asset via direct upload
VODGET /api/asset/{id}Retrieve an asset by ID
VODPOST /api/asset/{id}/exportExport an asset (e.g. to IPFS)
VODPOST /api/asset/{id}/transcodeTranscode an asset to another rendition
VODGET /api/task/{id}Monitor the progress of a specific task by ID

These endpoints allow you to use all the features of the Video NFT SDK from the browser. If you still have any issues using it let us know through any of the support channels.

Full Access

If your application needs further access to the API, it is strongly recommended that you run a backend to secure an API key and call the API privately. From it you can also perform any custom authentication with your frontend and validate the API calls to protect your Livepeer Studio account. Check the livepeer-web-api-proxy for a sample project with such a backend.

If you are aware of the implications but still want to create an API key with full access to your account, you can do so by ticking the Full API access checkbox when creating your API key.

An API key with Full API access will be able to access and manage every information in your account, including: all your contact info provided on registratin; change your billing plan, and; list and delete all the streams and assets stored in your account.

If you plan on deploying a production application with a Full API AccessCORS API key, get in touch first and we may be able to help you. Find us at [email protected]