or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

analytics-metrics.mdclient-setup.mddata.mddelivery-usage.mderror-handling.mdindex.mdjwt-signing.mdjwt.mdlive-streaming.mdplayback-control.mdsystem-operations.mdsystem.mdtranscription-vocabularies.mdupload-utilities.mdvideo-assets.mdvideo-playback.mdvideo-uploads.mdvideo.mdweb-inputs.mdwebhooks.md

system.mddocs/

0
# System Module
1


2
The System module provides system-level utilities including JWT signing key management and account information retrieval.
3


4
## Imports
5


6
```typescript
7
import Mux from '@mux/mux-node';
8


9
const client = new Mux({
10
  tokenId: 'YOUR_TOKEN_ID',
11
  tokenSecret: 'YOUR_TOKEN_SECRET',
12
});
13


14
// Access system resources
15
const signingKeys = client.system.signingKeys;
16
const utilities = client.system.utilities;
17
```
18


19
## Capabilities
20


21
### Signing Keys
22


23
Manage JWT signing keys for secure playback. Signing keys are used to create JWT tokens for signed playback IDs and DRM licenses.
24


25
```typescript { .api }
26
interface SigningKeys {
27
  /**
28
   * Create a new signing key
29
   */
30
  create(options?: RequestOptions): Promise<SigningKey>;
31


32
  /**
33
   * Retrieve signing key details
34
   */
35
  retrieve(signingKeyId: string, options?: RequestOptions): Promise<SigningKey>;
36


37
  /**
38
   * List all signing keys
39
   */
40
  list(query?: SigningKeyListParams, options?: RequestOptions): PagePromise<SigningKeysBasePage, SigningKey>;
41


42
  /**
43
   * Delete a signing key
44
   */
45
  delete(signingKeyId: string, options?: RequestOptions): Promise<void>;
46
}
47


48
interface SigningKey {
49
  /** Unique identifier */
50
  id: string;
51
  /** Creation timestamp */
52
  created_at: string;
53
  /** RSA private key in PEM format (only returned on creation) */
54
  private_key?: string;
55
  /** RSA public key in PEM format */
56
  public_key: string;
57
}
58


59
interface SigningKeyListParams {
60
  /** Items per page */
61
  limit?: number;
62
  /** Page number */
63
  page?: number;
64
}
65
```
66


67
**Usage Example:**
68


69
```typescript
70
// Create a new signing key
71
const signingKey = await client.system.signingKeys.create();
72


73
// IMPORTANT: Save the private_key immediately - it's only returned once
74
console.log('Private Key:', signingKey.private_key);
75
console.log('Key ID:', signingKey.id);
76


77
// List all signing keys
78
const keys = await client.system.signingKeys.list();
79


80
// Delete a signing key
81
await client.system.signingKeys.delete(signingKey.id);
82
```
83


84
**Important Notes:**
85


86
- The `private_key` is **only returned when creating a new signing key**. Store it securely.
87
- Signing keys are used with the JWT module to sign playback tokens.
88
- You can have multiple active signing keys to support key rotation.
89
- Deleting a signing key will invalidate all tokens signed with that key.
90


91
### Utilities
92


93
System utility endpoints for account information.
94


95
```typescript { .api }
96
interface Utilities {
97
  /**
98
   * Get information about the authenticated account
99
   */
100
  whoami(options?: RequestOptions): Promise<WhoamiResponse>;
101
}
102


103
interface WhoamiResponse {
104
  /** Environment ID */
105
  id: string;
106
  /** Environment name */
107
  name: string;
108
  /** Creation timestamp */
109
  created_at: string;
110
}
111
```
112


113
**Usage Example:**
114


115
```typescript
116
// Get current environment information
117
const account = await client.system.utilities.whoami();
118


119
console.log('Environment ID:', account.id);
120
console.log('Environment Name:', account.name);
121
console.log('Created At:', account.created_at);
122
```
123


124
## Signing Key Workflow
125


126
Here's a complete workflow for creating and using signing keys:
127


128
```typescript
129
// Step 1: Create a signing key
130
const signingKey = await client.system.signingKeys.create();
131


132
// Step 2: Save the private key securely (it won't be retrievable later)
133
// In production, store in a secure secret manager
134
process.env.MUX_PRIVATE_KEY = signingKey.private_key;
135
process.env.MUX_SIGNING_KEY = signingKey.id;
136


137
// Step 3: Create a new client with the signing key
138
const clientWithSigning = new Mux({
139
  tokenId: 'YOUR_TOKEN_ID',
140
  tokenSecret: 'YOUR_TOKEN_SECRET',
141
  jwtSigningKey: signingKey.id,
142
  jwtPrivateKey: signingKey.private_key,
143
});
144


145
// Step 4: Use the signing key to create signed playback tokens
146
const token = await clientWithSigning.jwt.signPlaybackId('PLAYBACK_ID', {
147
  type: 'video',
148
  expiration: '1h',
149
});
150


151
// Step 5: Use the token in playback URLs
152
const playbackUrl = `https://stream.mux.com/PLAYBACK_ID?token=${token}`;
153
```
154


155
## Key Rotation
156


157
To rotate signing keys without downtime:
158


159
```typescript
160
// 1. Create a new signing key
161
const newKey = await client.system.signingKeys.create();
162


163
// 2. Update your application to use the new key for new tokens
164
// Keep the old key active for existing tokens
165


166
// 3. Wait for all old tokens to expire (based on expiration time)
167


168
// 4. Delete the old signing key
169
await client.system.signingKeys.delete(oldKeyId);
170
```
171