Scority

API Key Security for Transcript Workflows

Security notes for Scority API access: keys stay server-side, raw keys are shown once, and API usage is monitored for reliability and abuse.

Key handling

API key safety

  • Raw API keys are intended to be shown once during issuance.
  • Only key hashes should be stored by Scority.
  • Keys must not be exposed in browser code, client-side bundles, screenshots, or public repositories.
  • If a key leaks, contact support to have it revoked and replaced.

API access controls

Current security posture

  • Protected API endpoint with x-api-key authentication.
  • Usage logging and quota enforcement for DB-backed API keys.
  • Normalized public errors that avoid stack traces and secret details.
  • No public bug bounty, SOC 2, or ISO claim is made at this stage.
  • Dashboard and billing surfaces are not public or self-serve yet.
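
The key-handling rules and the x-api-key check above, sketched as an added example (this is not Scority's code). The `sk_<id>_<secret>` key format, the in-memory `KEY_HASHES` table, the function names and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical stand-in for the key table: key_id -> SHA-256 hex digest.
# The raw key is never written here, so a database leak exposes no usable key.
KEY_HASHES = {}


def key_digest(raw_key: str) -> str:
    # A fast hash is adequate because the key carries 256 bits of CSPRNG
    # output; slow password hashes exist to protect low-entropy secrets.
    return hashlib.sha256(raw_key.encode("utf-8")).hexdigest()


def issue_key() -> str:
    """Create a key, persist only its hash, and return the raw key once."""
    key_id = secrets.token_hex(4)        # non-secret lookup prefix
    secret = secrets.token_urlsafe(32)   # 32 random bytes, URL-safe encoded
    raw_key = f"sk_{key_id}_{secret}"
    KEY_HASHES[key_id] = key_digest(raw_key)
    return raw_key                       # caller shows this once, never logs it


def revoke_key(key_id: str) -> None:
    """Revocation after a leak: drop the hash so the key stops verifying."""
    KEY_HASHES.pop(key_id, None)


def authenticate(headers: dict) -> bool:
    """Verify the x-api-key header (header names assumed lowercased)."""
    raw_key = headers.get("x-api-key", "")
    parts = raw_key.split("_", 2)        # the secret part may contain "_"
    if len(parts) != 3 or parts[0] != "sk":
        return False
    stored = KEY_HASHES.get(parts[1])
    if stored is None:
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(stored, key_digest(raw_key))
```

Because only the digest is kept, a lost key cannot be recovered or re-displayed; the only remedy is revocation and a newly issued key, which matches the support process described above.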