offload.runoffload.run

Authentication

Every request to the offload.run API is authenticated with an API key.

API keys

Create and manage API keys from the API keys page in your dashboard. Each key is scoped to a single organization and inherits its plan limits.

Keys are prefixed so you can tell them apart at a glance:

  • sk_live_… — production keys that process real jobs and count against your usage.
  • sk_test_… — test keys for local development. Jobs run against sample infrastructure and are not billed.

Making authenticated requests

Pass your key in the Authorization header as a Bearer token:

curl https://api.offload.run/v1/jobs \
  -H "Authorization: Bearer sk_live_YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "type": "compress-video", "input": "https://example.com/video.mp4" }'

The official SDK reads the key from its constructor (or the OFFLOAD_API_KEY environment variable) and adds the header for you:

import { Offload } from '@offload-run/sdk'

const offload = new Offload({
  apiKey: process.env.OFFLOAD_API_KEY,
})

Keeping keys safe

  • Never expose a sk_live_ key in client-side code, mobile apps, or public repositories. Call the API from your backend only.
  • Store keys in environment variables or a secrets manager, not in source control.
  • Use a separate key per environment (development, staging, production) so you can rotate one without disrupting the others.

Rotating a key

If a key is leaked, revoke it immediately from the dashboard — revocation takes effect within seconds. To rotate without downtime, create a new key, deploy it, then revoke the old one once no requests are using it.

Errors

A missing, malformed, or revoked key returns 401 Unauthorized:

{
  "error": {
    "code": "unauthorized",
    "message": "Invalid API key."
  }
}