Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.openwhispr.com/llms.txt

Use this file to discover all available pages before exploring further.

API keys authenticate requests to the REST API and the MCP server.

Creating a key

  1. Open the OpenWhispr desktop app
  2. Go to Integrations > API Keys
  3. Click Create API Key
  4. Give it a name and select the scopes you need
  5. Copy the key — it starts with owk_live_ and is only shown once
Store your key securely. If you lose it, revoke it and create a new one.

Creating keys via the API

AI assistants can create their own keys programmatically using the agent setup flow. You can also manage keys via the API:
  • POST /v1/keys/create — create a new key
  • GET /v1/keys/list — list active keys
  • POST /v1/keys/{id}/revoke — revoke a key
These endpoints accept both desktop session auth and agent session tokens (owt_ prefix).

Scopes

Each key has specific permissions. Choose only what you need.
ScopeAccess
notes:readList, get, and search notes. List folders.
notes:writeCreate, update, and delete notes. Create folders.
transcriptions:readList and get transcription history.
usage:readRead usage statistics and plan details.

Limits

  • Max 5 API keys per user
  • Keys can optionally have an expiration date
  • Keys can be revoked at any time from the desktop app

Key format

owk_live_<base64url-encoded-random-bytes>
Keys are 32 bytes of cryptographic randomness, prefixed with owk_live_ for identification. Only the SHA-256 hash is stored server-side — the raw key cannot be recovered after creation.

Best practices

  • Use separate keys for different integrations so you can revoke one without affecting others
  • Set expiration dates for keys used in temporary automations
  • Use the minimum scopes needed — a read-only dashboard doesn’t need notes:write