Skip to main content
ppt.video uses API keys to authorize requests and protect your account. Keep keys secret, use them only from trusted backends, and rotate on a regular cadence.

Why authentication matters

Authenticated requests ensure tasks are billed to the correct account and prevent unauthorized use of paid models like Kling, Google Veo, OpenAI Sora, Runway, Hailuo AI, Vidu AI, Luma AI, Pika AI, PixVerse AI, Wan Video, and Hunyuan.

Create an API key

Follow the dashboard flow to generate a secret key:
  1. Sign in to the ppt.video dashboard (https://ppt.video/dashboard).
  2. Open the API Keys section.
  3. Click Create key, add a descriptive name (for example, “prod-batch-jobs”), and set the scope if your org requires scoping.
  4. Copy the key immediately; it is shown only once. Store it in a secret manager.

Send authenticated requests

Include the key in the Authorization header for every REST call. 
Authorization: Bearer <YOUR_API_KEY>

cURL example

curl -X POST "https://open.ppt.video/api/v1/generation/google/veo-3.1" \
  -H "Authorization: Bearer ${PPT_VIDEO_API_KEY}" \
  -H "Content-Type: application/json" \
  -d '{
    "prompt": "sunrise over mountains in watercolor style"
  }'
Replace the prompt text with your content; use other request fields as defined in the model’s OpenAPI schema.

Store keys securely

  • Prefer environment variables or a secret manager (AWS Secrets Manager, Google Secret Manager, Azure Key Vault, HashiCorp Vault, Kubernetes Secrets).
  • Do not embed keys in mobile apps, browsers, or public repos.
  • Limit access by environment (dev/staging/prod) and by service.

Example: environment variable and Node.js client stub

# .env
PPT_VIDEO_API_KEY=your_api_key_here

const apiKey = process.env.PPT_VIDEO_API_KEY;
// Use apiKey when constructing your HTTP client; do not log it.

Rotate and revoke keys

  • Rotate keys on a schedule (for example, every 90 days) or immediately if exposure is suspected.
  • To rotate: create a new key, deploy it, validate requests, then revoke the old key.
  • Revocation is immediate; calls with a revoked key return authentication errors.

Security best practices

  • Use distinct keys per environment and per service.
  • Restrict key visibility to backend services only.
  • Monitor key usage for anomalies and alert on unexpected spikes.
  • Never commit keys to version control or share them over chat/email.

Handling authentication errors

  • 401 Unauthorized: missing or invalid key; verify the Authorization header and confirm the key has not been revoked.
  • 422 Unprocessable Entity: request is authenticated but fails validation; align request body with the model’s OpenAPI schema.

Monitoring usage

Track request counts and credit consumption in the dashboard (https://ppt.video/dashboard). Set alerts for unusual activity to catch potential key leaks early.