Authentication
Every request needs a Bearer token. Copy your default dashboard key and store it in an env var.
Every request needs an API key as a Bearer token.
Authorization: Bearer $STOPHY_API_KEYNew accounts get a default API key automatically. Copy or reveal it from stophy.dev/dashboard, then keep it in an environment variable:
export STOPHY_API_KEY="st_YOUR_API_KEY"Example
With the TypeScript or Python SDK you pass the key once to the client and it sets this header on every request. These examples show the raw header for when you call the API directly.
curl -X POST https://api.stophy.dev/v1/video \
-H "Authorization: Bearer $STOPHY_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "videoUrl": "https://www.youtube.com/watch?v=D7liwdjvhWc", "type": "details" }'const res = await fetch("https://api.stophy.dev/v1/video", {
method: "POST",
headers: {
"Authorization": `Bearer ${process.env.STOPHY_API_KEY}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
videoUrl: "https://www.youtube.com/watch?v=D7liwdjvhWc",
type: "details",
}),
});import os
import httpx
res = httpx.post(
"https://api.stophy.dev/v1/video",
headers={"Authorization": f"Bearer {os.environ['STOPHY_API_KEY']}"},
json={"videoUrl": "https://www.youtube.com/watch?v=D7liwdjvhWc", "type": "details"},
)Managing keys
Keys are copied, revealed, created, and revoked from your dashboard. New accounts start with one default key; create more as needed.
Keep keys out of source code. Store them in environment variables and never commit them to git.
For MCP, prefer header- or env-based auth over putting the key in the URL path, which can leak it through browser history, Referer headers, and proxy or CDN logs.
# .env
STOPHY_API_KEY=st_YOUR_API_KEYError response
Invalid or missing key returns 401:
{
"success": false,
"code": "UNAUTHORIZED",
"error": "Invalid or missing API key."
}