Authentication

​

Get your API key

​

Use your API key

# Submit job
JOB_ID=$(curl -s -X POST https://api.decart.ai/v1/jobs/lucy-pro-v2v \
  -H "X-API-KEY: $DECART_API_KEY" \
  -F "[email protected]" \
  -F "prompt=Transform to anime style" | jq -r '.job_id')

# Poll status and download when complete
while [ "$(curl -s -H "X-API-KEY: $DECART_API_KEY" \
  https://api.decart.ai/v1/jobs/$JOB_ID | jq -r '.status')" != "completed" ]; do sleep 2; done

curl -H "X-API-KEY: $DECART_API_KEY" \
  https://api.decart.ai/v1/jobs/$JOB_ID/content --output transformed.mp4

​

Best practices

• Store keys in environment variables
• Rotate keys regularly
• Use different keys for development and production

​

Client Tokens for Realtime API

​

Why use client tokens?

• Safe to expose: Can be sent to browsers and mobile apps
• Short TTL: Expire after 10 minutes, limiting exposure window
• Limited scope: Cannot create other tokens
• Session-aware: Expired tokens prevent new connections but don’t disconnect active sessions

​

How it works

1. Your backend creates a client token using your permanent API key
2. Your backend passes the client token to the frontend
3. The frontend uses the client token to authenticate the WebRTC connection

​

Creating client tokens

import { createDecartClient } from "@decartai/sdk";

const client = createDecartClient({
  apiKey: process.env.DECART_API_KEY,
});

const { apiKey, expiresAt } = await client.tokens.create();
// apiKey: "ek_abc123..." (send this to your frontend)
// expiresAt: "2024-01-15T10:30:00.000Z"

​

Best practices for client tokens

• Generate client tokens on-demand when users need realtime access
• Never log or persist client tokens on the client side

​

Need help?

• Contact support →