Authentication overview

JSON2Video secures access to its API through an API key authentication mechanism. This method grants access to the API based on a unique, secret key associated with a user's account. When an API key is included in a request, the JSON2Video API validates the key to ensure the request originates from an authorized source, allowing access to features such as automated video creation and programmatic video editing.

API keys are a common authentication method for RESTful APIs due to their simplicity and ease of implementation. They function as a secret token that clients include with each API request. The JSON2Video API expects this key to be passed in the Authorization header as a Bearer token. This approach is widely adopted across various cloud services and APIs, including those from AWS Identity and Access Management and Cloudflare's API.

Proper management and protection of your API key are critical to maintaining the security of your JSON2Video account and preventing unauthorized use of your video generation resources. Misuse of an API key could lead to unauthorized video creation, impacting your usage limits and potentially exposing sensitive project information.

Supported authentication methods

JSON2Video primarily supports API key authentication. This method involves generating a unique string of characters from your JSON2Video account dashboard and including it in the headers of your API requests. The platform uses this key to identify and authorize your application.

The JSON2Video API expects the API key to be sent in the Authorization HTTP header, formatted as a Bearer token. This standard practice for API key usage ensures that the key is transmitted securely over HTTPS, protecting it from interception during transit.

The table below summarizes the authentication method supported by JSON2Video:

Method When to Use Security Level
API Key (Bearer Token) All programmatic access to the JSON2Video API for video creation, editing, and management. Ideal for server-side applications and secure client-side environments. High (when properly managed and transmitted over HTTPS)

While API keys are effective for authentication, they differ from more complex authorization frameworks like OAuth 2.0, which provides delegated access without sharing user credentials directly. For services requiring granular permissions or user consent flows, OAuth 2.0 is often preferred, as detailed in the OAuth 2.0 specification. However, for direct application-to-API communication where the application itself is the principal, API keys offer a straightforward and secure solution when implemented correctly.

Getting your credentials

To obtain your API key for JSON2Video, you will need to access your account dashboard on the JSON2Video website. The process typically involves logging into your account and navigating to a section designated for API settings or developer tools. This is a common pattern for managing API credentials across many platforms, including Stripe's API keys.

Follow these general steps to retrieve your JSON2Video API key:

  1. Log in to your JSON2Video account: Go to the JSON2Video homepage and log in using your registered email and password.
  2. Navigate to API Settings: Once logged in, look for a section such as "API Keys," "Developer Settings," or "Account Settings" in your dashboard. The exact label may vary, but it will typically be under a profile or settings menu.
  3. Generate or retrieve your API Key: Within the API settings, you should find an option to generate a new API key or view existing ones. If you are generating a new key, ensure you copy it immediately, as it may only be shown once for security reasons.
  4. Store your API Key securely: Once you have your API key, store it in a secure location. Avoid hardcoding it directly into your application's source code, especially for public repositories. Environment variables or secure configuration management systems are preferred.

It is recommended to generate a new API key if you suspect your current key has been compromised or if you need to revoke access for a specific application. Regularly rotating your API keys is also a good security practice, similar to how passwords are changed periodically.

Authenticated request example

Once you have obtained your JSON2Video API key, you can use it to make authenticated requests to the API. The key must be included in the Authorization header of your HTTP request as a Bearer token. Below are examples demonstrating how to make an authenticated request using cURL and Python, two of the primary languages supported by JSON2Video's API examples.

cURL Example

This cURL example demonstrates how to create a new video project by sending a POST request to the /videos endpoint. Replace YOUR_API_KEY with your actual API key and adjust the JSON payload according to your video creation requirements, as described in the JSON2Video API reference.

curl -X POST \
  https://api.json2video.com/v1/videos \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -d '{
    "templateId": "your_template_id",
    "data": {
      "title": "My Dynamic Video",
      "scenes": [
        {
          "type": "text",
          "content": "Welcome to JSON2Video!"
        }
      ]
    },
    "output": {
      "format": "mp4",
      "resolution": "1080p"
    }
  }'

Python Example

This Python example uses the requests library to achieve the same outcome as the cURL example. It defines the API key in a variable for clarity and constructs the headers and payload before making the POST request.

import requests
import json

API_KEY = "YOUR_API_KEY"
API_BASE_URL = "https://api.json2video.com/v1"

headers = {
    "Content-Type": "application/json",
    "Authorization": f"Bearer {API_KEY}"
}

payload = {
    "templateId": "your_template_id",
    "data": {
      "title": "My Dynamic Video",
      "scenes": [
        {
          "type": "text",
          "content": "Welcome to JSON2Video!"
        }
      ]
    },
    "output": {
      "format": "mp4",
      "resolution": "1080p"
    }
}

try:
    response = requests.post(f"{API_BASE_URL}/videos", headers=headers, data=json.dumps(payload))
    response.raise_for_status()  # Raise an HTTPError for bad responses (4xx or 5xx)
    print("Video creation request successful:")
    print(json.dumps(response.json(), indent=2))
except requests.exceptions.HTTPError as e:
    print(f"HTTP error occurred: {e}")
    print(f"Response content: {e.response.text}")
except requests.exceptions.RequestException as e:
    print(f"An error occurred during the request: {e}")

These examples illustrate the fundamental structure for authenticating your requests. Ensure that the Content-Type header is set to application/json when sending JSON payloads, as required by the JSON2Video API.

Security best practices

Securing your JSON2Video API key is paramount to protecting your account from unauthorized access and potential misuse. Adhering to established security best practices for API keys can significantly mitigate risks. These practices are consistent with general API security guidelines recommended by organizations like the World Wide Web Consortium (W3C) for web technologies.

  • Keep API Keys Confidential: Treat your API key like a password. Never embed it directly into client-side code (e.g., JavaScript in a public web application) where it can be exposed. For server-side applications, store the key in environment variables, secret management services, or encrypted configuration files.
  • Use Environment Variables: Instead of hardcoding your API key, store it as an environment variable on your server or development machine. This prevents the key from being committed to version control systems (like Git) and makes it easier to manage different keys for different environments (development, staging, production).
  • Implement Secure Storage: For applications running in cloud environments, consider using dedicated secret management services such as AWS Secrets Manager, Google Cloud Secret Manager, or Azure Key Vault. These services provide secure storage, rotation, and access control for sensitive credentials.
  • Restrict Access to API Keys: Limit who has access to your API keys within your organization. Follow the principle of least privilege, granting access only to individuals and systems that absolutely require it.
  • Transmit Over HTTPS Only: Always ensure that all communications with the JSON2Video API occur over HTTPS (HTTP Secure). HTTPS encrypts the data exchanged between your application and the API, preventing eavesdropping and tampering with your API key during transit. The JSON2Video API endpoints are served exclusively over HTTPS.
  • Rotate API Keys Regularly: Periodically generate new API keys and revoke old ones. This practice minimizes the window of opportunity for a compromised key to be exploited. While JSON2Video's documentation does not specify an automatic rotation schedule, manual rotation is a recommended security measure.
  • Monitor API Key Usage: Keep an eye on your API usage patterns. Unusual spikes in requests or requests from unexpected geographical locations could indicate a compromised key. Set up alerts if JSON2Video provides usage monitoring tools.
  • Implement IP Whitelisting (if available): If JSON2Video offers IP whitelisting, configure it to allow API requests only from a specific set of trusted IP addresses associated with your servers. This adds an extra layer of security by rejecting requests from unauthorized locations, even if an API key is compromised.
  • Error Handling and Logging: Implement robust error handling in your application to gracefully manage API authentication failures. Log authentication attempts and failures (without logging the API key itself) to help identify and diagnose potential security incidents.

By diligently applying these best practices, you can significantly enhance the security posture of your integration with the JSON2Video API and protect your programmatic video operations.