> ## Documentation Index
> Fetch the complete documentation index at: https://docs.vued.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Understand API keys, org scope, desktop discovery, and encrypted-content boundaries.

## Cloud authentication

Cloud requests use bearer authentication:

```http theme={null}
Authorization: Bearer vued_live_...
```

Accepted token types:

| Token          | Use                                                        |
| -------------- | ---------------------------------------------------------- |
| Supabase JWT   | Full user-session access.                                  |
| Public API key | `vued_live_...` key scoped to one org and explicit scopes. |

Most cloud routes are organization-scoped:

```text theme={null}
/v1/orgs/{org_id}/...
```

The SDK stores the default org on the client:

```python theme={null}
client = Vued(api_key="vued_live_...", org_id="org_uuid")
```

## Public API key scopes

| Scope              | Grants                                                                      |
| ------------------ | --------------------------------------------------------------------------- |
| `records:read`     | Read fallback for meetings, transcripts, files, speakers, rooms, and users. |
| `meetings:read`    | Meeting audio and semantic meeting references.                              |
| `transcripts:read` | Semantic search and transcript audio.                                       |
| `files:read`       | File and folder reads, grants, and downloads.                               |
| `files:write`      | File and folder create, update, grant, and revoke.                          |
| `speakers:read`    | Speaker profile reads.                                                      |
| `rooms:read`       | Room and microphone reads.                                                  |
| `rooms:write`      | Room create and update.                                                     |
| `users:read`       | Organization user reads.                                                    |
| `webhooks:read`    | Webhook reads.                                                              |
| `webhooks:write`   | Webhook create, update, and delete.                                         |
| `api_keys:read`    | Public API key reads.                                                       |
| `api_keys:write`   | Public API key create and revoke.                                           |
| `org:<org_uuid>`   | Restricts a key to one org.                                                 |

## Local desktop authentication

The desktop app writes a local discovery file that contains the local API URL and a runtime bearer token. The Python SDK reads this automatically.

Discovery order:

1. `VUED_LOCAL_API_URL` plus `VUED_LOCAL_API_TOKEN`
2. `VUED_LOCAL_API_DISCOVERY`
3. OS app-support `local-api.json` under `Vued Dev`, `Vued`, `vued-web`, or legacy `Electron`

Discovery file shape:

```json theme={null}
{
  "host": "127.0.0.1",
  "port": 39391,
  "pid": 12345,
  "version": 1,
  "profile": "prod",
  "authToken": "run-local-secret",
  "startedAt": 1782345600000
}
```

<Warning>
  Never commit public API keys, local desktop tokens, webhook secrets, OAuth tokens, or `.env` files.
</Warning>