Skip to main content
Every WebSocket connection needs a valid API key. Send it as a header in the WebSocket upgrade request:
X-API-Key: YOUR_API_KEY
Most WebSocket client libraries let you set custom headers for the upgrade request.

Public JWT keys

If you connect with a public JWT key (pk_jwt_...), also send the user’s token in the Authorization header:
X-API-Key: pk_jwt_YOUR_PUBLIC_KEY
Authorization: Bearer USER_JWT

From a browser

Browsers cannot set headers on a WebSocket handshake. For that one case, pass the credentials as query parameters instead:
wss://api.radion.app/ws?api-key=YOUR_API_KEY&token=USER_JWT
Use token only with a public JWT key. Radion reads query parameters on the WebSocket upgrade only, never on plain HTTP requests.
Prefer headers. Proxies and servers log URLs, so a key in the query string can leak into their logs. Use the query string only when your client cannot set headers, such as a browser WebSocket.
The key you connect with sets the rate limits for that connection. Radion checks the key again about every 30 seconds while the connection is open. If the key is revoked, Radion closes the connection with a key_revoked error frame. If the key is missing or wrong, the upgrade is rejected. A bad key returns HTTP 401.
Last modified on July 2, 2026