Get your API key
Create an API Key
Navigate to API Keys and create a new API Key Copy key
Copy your API key
Use your API key
Pass your API key when making requests:
import { createDecartClient } from "@decartai/sdk";
const client = createDecartClient({
apiKey: process.env.DECART_API_KEY
});
from decart import DecartClient
import os
client = DecartClient(api_key=os.getenv("DECART_API_KEY"))
# Submit job
JOB_ID=$(curl -s -X POST https://api.decart.ai/v1/jobs/lucy-clip \
-H "X-API-KEY: $DECART_API_KEY" \
-F "data=@video.mp4" \
-F "prompt=Transform to anime style" | jq -r '.job_id')
# Poll status and download when complete
while [ "$(curl -s -H "X-API-KEY: $DECART_API_KEY" \
https://api.decart.ai/v1/jobs/$JOB_ID | jq -r '.status')" != "completed" ]; do sleep 2; done
curl -H "X-API-KEY: $DECART_API_KEY" \
https://api.decart.ai/v1/jobs/$JOB_ID/content --output transformed.mp4
Best practices
Never hardcode API keys in your code. Use environment variables.
- Store keys in environment variables
- Rotate keys regularly
- Use different keys for development and production
Realtime client-side authentication
For browser and mobile apps, use client tokens (ek_...) instead of your permanent key (dct_...).
Do not expose permanent API keys in frontend bundles. Always mint short-lived client tokens from your backend.
Create a token from your backend:
import { createDecartClient } from "@decartai/sdk";
const client = createDecartClient({ apiKey: process.env.DECART_API_KEY });
const token = await client.tokens.create(); // 60s TTL, unrestricted
// Or scoped:
// const token = await client.tokens.create({ expiresIn: 300, allowedModels: ["lucy-2.1"] });
from decart import DecartClient
import os
async with DecartClient(api_key=os.getenv("DECART_API_KEY")) as client:
token = await client.tokens.create() # 60s TTL, unrestricted
# Or scoped:
# token = await client.tokens.create(expires_in=300, allowed_models=["lucy-2.1"])
curl -X POST https://api.decart.ai/v1/client/tokens \
-H "x-api-key: $DECART_API_KEY" \
-H "Content-Type: application/json" \
-d '{"expiresIn": 300, "allowedModels": ["lucy-2.1"]}'
See Client Tokens for the complete backend-to-frontend flow and token rotation strategy.
Need help?