The Daily REST API uses API keys to authenticate requests. Your API key is available in the Developers section of the Daily dashboard.
- Domain owners can view and regenerate the API key.
- Members do not have access to the API key. Request it from an owner, or ask an owner to grant you administrator privileges.
Staging and testing
Daily doesn’t support adding a second domain to an existing account. To set up a staging environment, sign up for a separate Daily account using a variant of your domain name (e.g. yourdomain-dev). The new account’s API key is immediately available under the Developers tab in the dashboard.
Contact support after creating the staging account to ensure it has access to the same features as your production account at no extra charge.
Making authenticated requests
Include your API key in the Authorization header of every request:
curl --request GET \
--url https://api.daily.co/v1/rooms \
--header 'Authorization: Bearer DAILY_API_KEY'
Never include your API key in client-side browser code. Treat it like a password.
Authentication errors
| Condition | HTTP status | error value |
|---|
Authorization header missing or malformed | 400 | authorization-header-error |
| API key is not valid | 401 | authentication-error |
Rate limits
Daily rate-limits the API to ensure stability for all users. If you exceed the limits, you’ll receive a 429 response with error: "rate-limit-error".
| Endpoints | Limit |
|---|
| Most endpoints | 20 req/sec, or 100 req per 5-second window |
DELETE /rooms/:name, GET /recordings | ~2 req/sec, or 50 req per 30-second window |
| Start recording, live streaming, PSTN, or SIP | ~1 req/sec, or 5 req per 5-second window |
429 responses by retrying with exponential backoff. Contact support if you need higher limits. 
