Authentication
AudioSpliter supports two authentication methods: API Keys and JWT Bearer Tokens.
API Key Authentication
Include your API key in the X-API-Key header:
curl https://api.audiospliter.com/api/v1/splits \
-H "X-API-Key: as_live_abc123def456"
API keys are the recommended method for server-to-server communication. You can create and manage keys in the Dashboard or via the API Keys endpoints.
Key Prefixes
| Prefix | Environment |
|---|---|
as_live_ | Production |
as_test_ | Sandbox (no billing, limited features) |
JWT Bearer Token Authentication
For user-scoped operations (account management, billing), use a JWT token in the Authorization header:
curl https://api.audiospliter.com/api/v1/billing \
-H "Authorization: Bearer eyJhbGciOiJSUzI1NiIs..."
JWT tokens are issued during the OAuth login flow in the AudioSpliter dashboard. They expire after 1 hour and can be refreshed.
Which Method to Use
| Use Case | Recommended Method |
|---|---|
| Submitting split jobs | API Key |
| Polling job status | API Key |
| Managing API keys programmatically | JWT Bearer |
| Billing and account operations | JWT Bearer |
| Webhook verification | HMAC signature (see Signature Verification) |
Security Best Practices
- Never expose API keys in client-side code. Always call the API from your backend.
- Rotate keys regularly. Use the Rotate Key endpoint.
- Use scoped keys when possible -- create keys with limited permissions for specific services.
- Store keys in environment variables, not in source code.
Error Responses
Missing or invalid authentication returns a 401 Unauthorized:
{
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid or missing API key",
"status": 401
}
}
An expired JWT returns:
{
"error": {
"code": "TOKEN_EXPIRED",
"message": "JWT token has expired. Please refresh your token.",
"status": 401
}
}