Skip to main content
AI assistants like Claude, Cursor, and VS Code can create their own OpenWhispr API key without opening the desktop app. The entire flow happens via API — the only human step is pasting a 6-digit code.

How it works

1

Request a verification code

The agent sends your email to the API:
You’ll receive a 6-digit code by email.
2

Verify the code

Paste the code when the agent asks for it:
Returns a short-lived session token (valid for 15 minutes):
3

Create an API key

The agent uses the session token to create a permanent key:
Returns:
The agent stores the owk_live_ key and uses it for all future requests — same as a key created in the desktop app.

Rate limits

  • 1 code per 60 seconds per email
  • 5 codes per hour per email
  • 10 codes per hour per IP
  • 5 attempts per code before it’s locked
  • Codes expire after 10 minutes
  • Session tokens expire after 15 minutes

Managing keys via the API

Once authenticated with a session token or desktop session, you can manage keys: See API keys for scope details and limits.

Security

  • The verification code is hashed server-side — it’s never stored in plain text
  • Session tokens have a 15-minute TTL and can only manage API keys (not read notes)
  • The token prefix owt_ distinguishes session tokens from owk_live_ API keys
  • Requesting a code for a non-existent email returns the same response to prevent enumeration