Keep keys server-side
API keys identify a workspace and should be treated like credentials. Do not ship them in mobile apps, browser clients, or public repositories. Route browser and mobile traffic through your own backend when calling nano clip.Scopes
API keys are workspace-scoped. Endpoints require the matching read or write scope for the resource being accessed.| Scope | Allows |
|---|---|
projects:read | Read project metadata |
projects:write | Create projects and complete uploads |
transcript:read | Read transcript results |
transcript:write | Start transcript commands |
vision:read | Read vision results |
vision:write | Start vision commands |
retake_removal:read | Read retake-removal results |
retake_removal:write | Start retake-removal commands |
* | All public API operations |
Common auth failures
| Status | Cause |
|---|---|
401 Unauthorized | Missing, malformed, inactive, or invalid API key. |
403 Forbidden | The key is valid but does not include the required scope. |