API Keys
API keys allow you to authenticate Qwilt API requests without using user credentials.
Use this API to create an API key.
-
An API key grants either viewer access (enabling get and list endpoints) or view and edit access, enabling all operations (get, list, create, update, delete) when using the Qwilt APIs.
Use the permission attribute of the Create an API Key endpoint to specify the level of access.
-
An API key is valid for a set number of days. The maximum allowed validity period is 365 days.
Use the ttl attribute of the Create an API Key endpoint to specify the validity period.
Note: When an API key expires, it cannot be renewed. To avoid interruptions, make sure to create a new key before the expiration date.
Authentication
While the api-keys API is used to generate an API key to authenticate Qwilt API requests, the api-keys API itself requires authentication, either with a login token or an existing API key.
If you do not have a valid API key, you can:
Example: Create an API Key
Request Example In this example, a login token is being used to authenticate the request to create a new API Key. Alternatively, a request can be authenticated with an existing API Key.
curl --request POST
--url https://users.cqloud.com/api/1/api-keys
--header 'Content-Type: application/json'
--header 'Authorization: BEARER eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJkYXRhQWNjZX...'
--data '{
"name": "Example_Key",
"description": "Key description example.",
"ttl": 180,
"permission": "MediaEditor"
}
Response Example
Note the apiToken value. This is the API key. The API key is only exposed once, in the Create API Key response. It is not revealed by any other endpoint such as Get or List, nor can it be viewed in the QC Services UI.
{
"name": "Example_Key",
"description": "Key description example.",
"ttl": 180,
"permission": "MediaEditor",
"keyId": "2",
"ownerId": "my-company",
"createdBy": "bob@mycompany.com",
"createdAt": "2025-01-07T15:37:36.228Z",
"expireAt": "2025-07-06T15:37:36.228Z",
"apiToken": "7759e72c-e20a-49..."
}