Authentication

ApiKey

ApiKey is your root server credential, for use primarily with the Admin API

Header Format

X-Api-Key: <WYSP_API_KEY>

API Key Usage

curl -sS \
  "https://api.wysp.ai/v1/users" \
  -H "X-Api-Key: wak-xxxxxxxxxxxxxxx"

Lifecycle

An initial ApiKey is provisioned and transmitted to you out-of-band by your Wysp contact person.

You can rotate your ApiKey at any time using the Rotate Api Key endpoint. This issues a new key and invalidates the previous one (with an optional grace period).

UserToken

A UserToken is scoped to one user, and grants the bearer authorization to connect to the User’s session.

Header Format

Authorization: Bearer <USER_TOKEN>

UserToken Usage

curl -sS \
  "$WYSP_BASE_URL/account" \
  -H "Authorization: Bearer $WYSP_USER_TOKEN"

Lifecycle

UserToken has an explicit expiration (expiresAt).

You can issue a token for a user at any time using the Issue User Token endpoint.

You can revoke all outstanding tokens for a user using the Revoke User Token endpoint.

Acting-as-user

Caution

Since the ApiKey is a root credential, this approach must only be used from secure server-side environments. Never send the ApiKey to client devices; use a UserToken instead.

For server-side integrations where issuing and managing short-lived UserTokens is unnecessary overhead, you can authenticate directly with your ApiKey by providing the target user’s ID in an X-User-Id header:

Header Format

X-Api-Key: <WYSP_API_KEY>
X-User-Id: <USER_ID>

Acting-as-user Request

curl -sS \
  "https://api.wysp.ai/v1/clips/934f9075-4f48-420d-945a-bb10e03c4ee4" \
  -H "X-Api-Key: wak-xxxxxxxxxxxxxxx" \
  -H "X-User-Id: 1ec4581a-401b-4610-b50b-800180e229b2"