Scority

YouTube API Without OAuth

Learn when OAuth is required for official YouTube workflows and when server-side API key authentication is enough for transcript extraction.

Read authentication docsView API docs
Direct answer

OAuth depends on the job

If your app needs to act on behalf of a YouTube user or access account-bound resources, OAuth may be required. If your server needs to call Scority for transcript extraction, Scority uses x-api-key instead.

  • Use Google OAuth for Google-account workflows that require user authorization.
  • Use Google API keys for supported official YouTube Data API requests that allow API-key auth.
  • Use Scority x-api-key for server-side transcript requests to https://api.scority.ai.
  • Do not imply OAuth is never needed; it depends on the API and resource.
Credential types

Google credentials and Scority keys are separate

A Google Cloud credential is not a Scority API key. Scority keys authorize requests to Scority's transcript endpoint, not to Google's official platform APIs.

  • Google API keys and OAuth clients belong to a Google Cloud project.
  • Scority API keys are issued for Scority transcript API usage.
  • The Scority request header is x-api-key.
  • Keep both kinds of credentials out of frontend JavaScript unless a provider explicitly documents browser-safe usage.
Transcript use case

When x-api-key is enough

For Scority, the stable public integration path is a protected server-side HTTP request. The API key identifies your account or integration, and the request asks for a transcript by video_id or video_url.

  • GET /v1/youtube/transcript is the current transcript endpoint.
  • video_id or video_url is required.
  • language or lang is optional.
  • The response includes text, segments, source and language when captions are available.
Safety

Do not move API keys into the browser to avoid OAuth

Avoiding OAuth is not a reason to expose server-side secrets. If a browser UI needs transcript data, put a small backend route in front of the Scority API.

  • Validate the user or request in your backend.
  • Call Scority from the backend with x-api-key.
  • Return only the transcript data your UI needs.
  • Rotate keys if they appear in logs, screenshots or client bundles.
Related

Next references

Docs

Authentication

Use x-api-key from server-side code.

Open →
Guide

YouTube API key guide

Separate Google Cloud keys from Scority API keys.

Open →
Guide

JavaScript guide

Wrap transcript requests in server-side JavaScript.

Open →