The Settings section lets you manage API credentials, webhooks, team members, and platform configuration.
API keys
Manage API credentials at Settings → API Keys.
Key types
| Type | Prefix | Usage | Security |
|---|
| Publishable | pk_ | SDK initialization | Safe for client code |
| Secret | sk_ | Server API, Admin Portal | Never expose publicly |
Environments
Separate keys for each environment:
- Production: Live keys for your production app
- Staging: Test keys for staging environment
- Development: Keys for local development
Creating keys
- Go to Settings → API Keys
- Click Create Key Pair
- Select environment
- Optionally add a description
- Copy and securely store the secret key
Secret keys are shown only once. Store them securely in your environment variables or secrets manager.
Rotating keys
To rotate a compromised key:
- Create a new key pair
- Update your applications with the new keys
- Delete the old key pair
Key permissions
Coming soon: Fine-grained permissions for API keys.
Webhooks
Configure event notifications at Settings → Webhooks.
Creating a webhook
- Click Add Webhook
- Enter endpoint URL (must be HTTPS)
- Select events to receive:
content.readycontent.erroredexport.ready
- Save
Events are sent as POST requests:
{
"event": "content.ready",
"data": {
"contentId": "cnt_abc123",
"title": "My Video",
"duration": 45.2,
"status": "ready"
},
"timestamp": "2024-02-04T12:00:00Z",
"webhookId": "whk_xyz789"
}
Signature verification
Verify webhook authenticity using the signature header:
X-Shortform-Signature: sha256=abc123...
const crypto = require('crypto');
function verifyWebhook(payload, signature, secret) {
const expected = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return `sha256=${expected}` === signature;
}
Webhook secret
Find your signing secret:
- Go to Settings → Webhooks
- Click on a webhook
- Copy the Signing Secret
Testing webhooks
Send a test event:
- Go to webhook detail
- Click Send Test
- Select event type
- Check your endpoint received it
Retry policy
Failed webhooks are retried:
- 5 attempts with exponential backoff
- 1 min, 5 min, 30 min, 2 hours, 24 hours
- After all retries, event is logged as failed
Webhook logs
View delivery attempts:
- Go to webhook detail
- See Recent Deliveries
- View request/response for each attempt
Team management
Manage team access at Settings → Team.
Inviting members
- Click Invite Member
- Enter email address
- Select role (currently all members have full access)
- Click Send Invite
Invitee receives email with login link.
Managing members
- View all team members
- See last active time
- Remove members
Role-based access (coming soon)
| Role | Permissions |
|---|
| Admin | Full access, team management |
| Developer | API keys, webhooks, SDK config |
| Product Manager | Experiments, analytics, feed config |
| Editor | Content management, editorial |
| Ad Ops | Ad configuration, revenue |
| Viewer | Read-only analytics |
Organization profile
Update organization info at Settings → Profile.
Basic info
- Organization name: Displayed in Admin Portal
- Logo: Used in portal branding
- Billing contact: For invoices
Billing
- View current plan
- Usage metrics
- Invoice history
- Update payment method
Branded CDN domain
Configure custom domain at Settings → Branding → CDN Domain.
Setup
- Enter your domain (e.g.,
video.yourcompany.com)
- Create DNS CNAME record pointing to
cdn.shortkit.dev
- Click Verify
- SSL is automatically provisioned
DNS configuration
| Type | Name | Value |
|---|
| CNAME | video | cdn.shortkit.dev |
Deep link domain
Configure sharing URLs at Settings → Branding → Deep Links.
Configuration
- Domain: Your app’s deep link domain
- Path template: URL pattern (e.g.,
/watch/{contentId})
- Fallback URL: Where to send users without the app
Playback restrictions
Configure security at Settings → Playback Restrictions.
Domain allowlist
Only allow playback from specified domains:
- Add allowed domains
- Support wildcards (e.g.,
*.yourcompany.com)
- Save
Additional settings
| Setting | Description | Default |
|---|
| Allow no referrer | Allow requests without referrer header | Off |
| Allow high-risk user agents | Allow known scraper user agents | Off |
CDN URL expiry
Configure signed URL validity:
- Range: 1-24 hours
- Default: 6 hours
- Shorter = more secure, longer = better for long sessions
Auto-captioning
Configure at Settings → Auto-captioning.
Settings
- Enable auto-captions: Generate captions automatically
- Default languages: Languages to generate
- Apply to: New content only, or all content
Transcription vocabulary
Add custom words for better accuracy:
- Go to Settings → Transcription Vocabulary
- Add words/phrases (brand names, technical terms)
- Up to 1,000 phrases
Watermarking
Configure at Settings → Watermarking.
Visible watermark
- Text: Watermark text (e.g., ”© Your Company”)
- Position: Corner placement
- Opacity: Transparency level
- Font size: Text size
Forensic watermark
Enable invisible watermarking for tracking unauthorized distribution.
Data export
Configure scheduled exports at Settings → Data Export.
Scheduled exports
- Enable scheduled exports
- Set frequency (daily, weekly)
- Select data types
- Configure delivery:
- Webhook URL
- Email notification
Integrations
Connect third-party services at Settings → Integrations.
Available integrations
- Slack: Notifications for content ready, errors
- Analytics: Send data to your analytics platform
- CMS: Connect to content management systems
Audit log
View all changes at Settings → Audit Log.
Logged events
- Configuration changes
- Team member changes
- API key operations
- Content actions
Filtering
- By user
- By action type
- By date range
Next steps
