Skip to main content

API Keys

All API requests require authentication using an API key. Include your key in the x-api-key header with every request. 
curl -X GET "https://tornado.velys.software/usage" \
  -H "x-api-key: sk_your_api_key"

Key Format

API keys follow this format:
  • Prefix: sk_ (secret key)
  • Length: 32 characters total
  • Example: sk_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
Keep your API key secret! Never expose it in client-side code or public repositories.

Request Headers

HeaderRequiredDescription
x-api-keyYesYour API key for authentication
Content-TypeFor POSTSet to application/json for JSON payloads

Error Responses

Missing API Key

{
  "error": "Missing x-api-key header"
}
Status Code: 401 Unauthorized

Invalid API Key

{
  "error": "Invalid API Key"
}
Status Code: 401 Unauthorized

Code Examples

import requests

headers = {
    "x-api-key": "sk_your_api_key",
    "Content-Type": "application/json"
}

response = requests.post(
    "https://tornado.velys.software/jobs",
    headers=headers,
    json={"url": "https://youtube.com/watch?v=..."}
)

Rate Limits

Currently, there are no strict rate limits. However, we recommend:
  • Maximum 500 concurrent jobs per API key
  • Polling interval of 2-5 seconds for job status
Contact us if you need higher limits for your use case.

Security Best Practices

Store your API key in environment variables, not in code:
export TORNADO_API_KEY="sk_your_api_key"
Always make API calls from your backend server, never from client-side JavaScript.
If you suspect your key is compromised, contact us immediately for a new key.