Vision AI Agents — Authentication

Vision AI Agents uses API key authentication to secure all platform requests.

Every request made to the Vision AI Agents API must include a valid API key in the request header.

API keys identify the developer application and enforce usage limits, rate limits, and access permissions.

Authentication Method

Method	Description	Required
API Key	Requests must include an API key in the Authorization header	Yes
Bearer Token	API keys are sent using the Bearer authentication scheme	Yes

API Key Authentication

Authentication is performed using a bearer token in the HTTP Authorization header.

Example header:

Authorization: Bearer YOUR_API_KEY

Your API key must be included in every request sent to the platform.

If a request does not include a valid API key, the API will return an unauthorized response.

Authentication Header Format

Header	Value Format	Description
Authorization	Bearer YOUR_API_KEY	Authenticates the request using the developer API key
Content-Type	application/json	Specifies JSON request format

Example Authenticated Request

The following example demonstrates a request with authentication included.

POST /api/video/ingest
Authorization: Bearer YOUR_API_KEY
Content-Type: application/json

{
  "video_url": "https://example.com/video.mp4"
}

The API validates the API key before processing the request.

Generating API Keys

API keys can be generated from the Vision AI Agents developer dashboard.

Developers can create multiple keys for different applications or environments.

API Key Environments

Environment	Purpose
Development	Used for testing integrations during development
Staging	Used for pre-production validation
Production	Used for live applications and production workloads

Using separate keys allows developers to isolate environments and control usage independently.

API Key Permissions

API keys inherit permissions from the developer account that created them.

Permission Scope	Description
Video Ingest	Upload and register videos for analysis
Video Intelligence	Run analytics and intelligence extraction
Audience Testing	Request audience engagement analysis
Search	Query indexed video intelligence signals

Enterprise accounts may receive additional permissions or expanded usage limits.

Securing API Keys

API keys should always be treated as sensitive credentials.

Best Practice	Description
Do not expose keys	Never embed API keys in client-side code
Use server environments	Store API keys securely in backend infrastructure
Rotate keys regularly	Replace API keys periodically to reduce risk
Restrict access	Limit API key usage to trusted systems

If an API key is exposed or compromised, it should be revoked immediately and replaced with a new key.

Unauthorized Requests

If a request is sent without a valid API key, the API returns an HTTP 401 Unauthorized response.

Example response:

{
  "error": "unauthorized",
  "message": "Invalid or missing API key"
}

Unauthorized Response Fields

Field	Type	Description
error	string	Machine-readable error code
message	string	Human-readable error description

Developers should verify that the Authorization header is correctly formatted and that the API key is valid.

Rotating API Keys

API keys should be rotated periodically to maintain security.

Recommended rotation workflow:

Create a new API key in the developer dashboard
Update application configuration
Confirm requests succeed using the new key
Revoke the previous key

This ensures uninterrupted service while maintaining security best practices.

API Key Limits

API keys inherit the rate limits defined by the developer usage tier.

Limit Type	Description
Concurrent Requests	Maximum number of simultaneous API requests
Daily Requests	Total API requests allowed per day
Monthly Token Usage	Total processing tokens available per billing cycle

Developers can review usage limits in the Rate Limits & Usage Tiers documentation.