Skip to main content

Overview

The Attendee API uses token-based authentication. Every API request must include your API key in the Authorization header using the Token scheme.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail.

Getting Your API Key

1

Create an account

Sign up for a free account at app.attendee.dev/accounts/signup
2

Navigate to API Keys

After signing in, go to the API Keys section in the sidebar
3

Generate a new key

Click “Create API Key” to generate a new token. Give it a descriptive name to help you identify it later.
4

Copy your key

Copy the API key immediately - you won’t be able to see it again after closing the dialog.
Store your API key securely. Never commit it to version control or expose it in client-side code.

Making Authenticated Requests

Include your API key in the Authorization header of every request: 
Authorization: Token YOUR_API_KEY_HERE

Full Request Example

cURL
curl -X POST https://app.attendee.dev/api/v1/bots \
  -H 'Authorization: Token YOUR_API_KEY_HERE' \
  -H 'Content-Type: application/json' \
  -d '{
    "meeting_url": "https://zoom.us/j/123456789",
    "bot_name": "My Bot"
  }'

import requests

API_KEY = 'your_api_key_here'

headers = {
    'Authorization': f'Token {API_KEY}',
    'Content-Type': 'application/json'
}

response = requests.post(
    'https://app.attendee.dev/api/v1/bots',
    headers=headers,
    json={
        'meeting_url': 'https://zoom.us/j/123456789',
        'bot_name': 'My Bot'
    }
)

print(response.json())

Authentication Errors

If authentication fails, you’ll receive one of these error responses:

Missing API Key

Status Code: 401 Unauthorized 
{
  "detail": "Authentication credentials were not provided."
}
This occurs when the Authorization header is missing or empty.

Invalid API Key

Status Code: 401 Unauthorized 
{
  "detail": "Invalid token."
}
This occurs when:
  • The API key is incorrect
  • The API key has been revoked
  • The API key format is malformed

Incorrect Authorization Format

Status Code: 401 Unauthorized Make sure you’re using the correct format: 
Authorization: Token YOUR_API_KEY

API Key Management

Creating Multiple Keys

You can create multiple API keys for different environments or use cases:
  • Production - For your production application
  • Staging - For testing before deployment
  • Development - For local development
  • CI/CD - For automated testing pipelines
Use descriptive names for your API keys to easily identify their purpose later.

Rotating API Keys

To rotate your API keys:
  1. Create a new API key in the Attendee dashboard
  2. Update your application to use the new key
  3. Test that everything works with the new key
  4. Revoke the old API key
Once you revoke an API key, all requests using that key will immediately fail. Make sure your application is using the new key before revoking the old one.

Revoking API Keys

To revoke an API key:
  1. Navigate to the API Keys section in the dashboard
  2. Find the key you want to revoke
  3. Click the Revoke button
  4. Confirm the revocation
Revoked keys cannot be recovered. You’ll need to create a new key if you revoke one by mistake.

Security Best Practices

Use Environment Variables

Store API keys in environment variables, never hardcode them in your source code.
export ATTENDEE_API_KEY="your_api_key_here"

Restrict Key Access

Only share API keys with team members who need them. Use separate keys for different environments.

Rotate Regularly

Rotate your API keys periodically, especially if you suspect they may have been compromised.

Monitor Usage

Regularly review your API key usage in the dashboard to detect any suspicious activity.

Additional Credentials

Besides your Attendee API key, you’ll also need to configure:

Zoom OAuth Credentials

Required for joining Zoom meetings. Configure these in the Settings section:
  • Client ID - From your Zoom General App
  • Client Secret - From your Zoom General App
See the Quickstart guide for detailed instructions on obtaining Zoom OAuth credentials.

Deepgram API Key

Required for transcribing meetings. Add this in the Settings section:

Self-Hosted Instances

If you’re running a self-hosted instance of Attendee:
  1. Replace https://app.attendee.dev with your instance URL
  2. Create API keys through your instance’s dashboard
  3. Follow the same authentication process
curl -X POST https://your-instance.com/api/v1/bots \
  -H 'Authorization: Token YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{"meeting_url": "...", "bot_name": "My Bot"}'

Next Steps

Quickstart Guide

Send your first bot to a meeting

API Reference

Explore all available endpoints

Webhooks

Set up real-time notifications

Bot Configuration

Customize bot behavior

Build docs developers (and LLMs) love

Get started for freeTalk to us