API keys authenticate requests to the REST API and the MCP server.
Creating a key
- Open the OpenWhispr desktop app
- Go to Settings > API Keys
- Click Create API Key
- Give it a name and select the scopes you need
- Copy the key — it starts with
owk_live_ and is only shown once
Store your key securely. If you lose it, revoke it and create a new one.
Creating keys via the API
AI assistants can create their own keys programmatically using the agent setup flow. You can also manage keys via the API:
POST /v1/keys/create — create a new keyGET /v1/keys/list — list active keysPOST /v1/keys/{id}/revoke — revoke a key
These endpoints accept both desktop session auth and agent session tokens (owt_ prefix).
Scopes
Each key has specific permissions. Choose only what you need.
| Scope | Access |
|---|
notes:read | List, get, and search notes. List folders. |
notes:write | Create, update, and delete notes. Create folders. |
transcriptions:read | List and get transcription history. |
usage:read | Read usage statistics and plan details. |
Limits
- Max 5 API keys per user
- Keys can optionally have an expiration date
- Keys can be revoked at any time from the desktop app
owk_live_<base64url-encoded-random-bytes>
owk_live_ for identification. Only the SHA-256 hash is stored server-side — the raw key cannot be recovered after creation.
Best practices
- Use separate keys for different integrations so you can revoke one without affecting others
- Set expiration dates for keys used in temporary automations
- Use the minimum scopes needed — a read-only dashboard doesn’t need
notes:write
