tessl/npm-mux--mux-node
Official TypeScript library providing comprehensive client access to Mux's video infrastructure API including asset management, live streaming, analytics, and webhook handling
system-operations.mddocs/
System Operations
System-level operations including JWT signing key management and account utilities for configuring and monitoring Mux platform access and security settings.
Capabilities
JWT Signing Key Management
Manage JWT signing keys for secure token generation and API access control.
/**
* Create a new JWT signing key
* @returns Promise resolving to the created signing key
*/
create(): Promise<SigningKey>;
interface SigningKey {
/** Signing key identifier */
id: string;
/** Base64-encoded private key for JWT signing */
private_key: string;
/** Creation timestamp */
created_at: string;
}
/**
* Retrieve signing key details
* @param signingKeyId - The signing key identifier
* @returns Promise resolving to signing key details
*/
retrieve(signingKeyId: string): Promise<SigningKey>;
/**
* List signing keys with pagination
* @param query - Listing parameters
* @returns Paginated list of signing keys
*/
list(query?: SigningKeyListParams): PagePromise<SigningKeysBasePage, SigningKey>;
interface SigningKeyListParams extends BasePageParams {
/** Additional filtering options */
[key: string]: any;
}
/**
* Delete a signing key permanently
* @param signingKeyId - The signing key identifier
* @returns Promise that resolves when deletion is complete
*/
delete(signingKeyId: string): Promise<void>;Usage Examples:
// Create a new signing key
const signingKey = await mux.system.signingKeys.create();
console.log('New signing key ID:', signingKey.id);
// Store the private key securely
process.env.MUX_PRIVATE_KEY = signingKey.private_key;
// List all signing keys
const signingKeys = await mux.system.signingKeys.list();
console.log(`Total signing keys: ${signingKeys.data.length}`);
// Retrieve specific signing key
const key = await mux.system.signingKeys.retrieve('signing-key-id');
// Delete old signing key
await mux.system.signingKeys.delete('old-signing-key-id');Account Utilities
Access account information and token details for debugging and monitoring purposes.
/**
* Get information about the current API token and account
* @returns Promise resolving to token and account information
*/
whoami(): Promise<UtilityWhoamiResponse>;
interface UtilityWhoamiResponse {
/** Access token name */
access_token_name: string;
/** Environment identifier */
environment_id: string;
/** Environment name */
environment_name: string;
/** Environment type (production, development, etc) */
environment_type: string;
/** Organization identifier */
organization_id: string;
/** Organization name */
organization_name: string;
/** Token permissions */
permissions: Array<string>;
}Usage Examples:
// Get current token information
const info = await mux.system.utilities.whoami();
console.log('Organization ID:', info.organization_id);
console.log('Environment:', info.environment_name);
console.log('Token permissions:', info.permissions);
// Verify token permissions
if (info.permissions.includes('video')) {
console.log('Token has video access');
}Key Management Best Practices
Signing Key Rotation
Implement regular signing key rotation for enhanced security:
async function rotateSigningKey() {
// Create new signing key
const newKey = await mux.system.signingKeys.create();
// Update environment/configuration with new key
await updateConfiguration({
MUX_SIGNING_KEY: newKey.id,
MUX_PRIVATE_KEY: newKey.private_key,
});
// Wait for propagation (allow time for new key to be active)
await new Promise(resolve => setTimeout(resolve, 30000));
// List existing keys to find old ones
const keys = await mux.system.signingKeys.list();
// Delete keys older than the new one
for (const key of keys.data) {
if (key.id !== newKey.id && new Date(key.created_at) < new Date(newKey.created_at)) {
await mux.system.signingKeys.delete(key.id);
console.log(`Deleted old signing key: ${key.id}`);
}
}
console.log(`Signing key rotation complete. New key ID: ${newKey.id}`);
}
// Rotate keys monthly
setInterval(rotateSigningKey, 30 * 24 * 60 * 60 * 1000);Monitoring and Alerts
Monitor token usage and permissions:
async function monitorTokenHealth() {
try {
const info = await mux.system.utilities.whoami();
// Verify expected permissions
const requiredPermissions = ['video', 'data'];
const hasPermissions = requiredPermissions.every(perm =>
info.permissions.includes(perm)
);
if (!hasPermissions) {
console.error('Token missing required permissions');
}
console.log(`Token health check passed for ${info.environment_name}`);
console.log(`Organization: ${info.organization_name}`);
} catch (error) {
console.error('Token health check failed:', error);
}
}
// Check token health hourly
setInterval(monitorTokenHealth, 60 * 60 * 1000);Development vs Production Keys
Separate signing keys for different environments:
async function setupEnvironmentKeys() {
const environments = ['development', 'staging', 'production'];
for (const env of environments) {
// Create dedicated signing key for each environment
const key = await mux.system.signingKeys.create();
console.log(`${env.toUpperCase()} signing key created:`);
console.log(` ID: ${key.id}`);
console.log(` Set MUX_SIGNING_KEY=${key.id}`);
console.log(` Set MUX_PRIVATE_KEY=${key.private_key}`);
console.log('');
}
}Emergency Key Recovery
Handle emergency scenarios where keys need to be recreated:
async function emergencyKeyRecovery() {
console.log('Starting emergency key recovery...');
try {
// Verify current token still works
await mux.system.utilities.whoami();
console.log('Current token is still valid');
} catch (error) {
console.error('Current token is invalid, manual intervention required');
return;
}
// Create new signing key immediately
const emergencyKey = await mux.system.signingKeys.create();
console.log('Emergency signing key created:');
console.log(`ID: ${emergencyKey.id}`);
console.log(`Private Key: ${emergencyKey.private_key}`);
// List and optionally delete compromised keys
const keys = await mux.system.signingKeys.list();
console.log(`Found ${keys.data.length} total signing keys`);
// Manual approval needed for deletion in emergency situations
console.log('Review and delete compromised keys manually');
}Error Handling
import {
AuthenticationError,
PermissionDeniedError,
NotFoundError
} from '@mux/mux-node';
async function handleSystemOperationErrors() {
try {
const key = await mux.system.signingKeys.create();
console.log('Signing key created successfully');
} catch (error) {
if (error instanceof AuthenticationError) {
console.error('Authentication failed - check token credentials');
} else if (error instanceof PermissionDeniedError) {
console.error('Insufficient permissions to create signing keys');
} else {
console.error('Unexpected error:', error.message);
}
}
try {
const info = await mux.system.utilities.whoami();
console.log('Token info retrieved successfully');
} catch (error) {
if (error instanceof NotFoundError) {
console.error('Token not found or invalid');
} else {
console.error('Failed to get token info:', error.message);
}
}
}Types
interface SigningKeyCreateResponse {
/** Created signing key data */
data: SigningKey;
}
interface SigningKeyListResponse {
/** Array of signing keys */
data: Array<SigningKey>;
/** Pagination information */
pagination?: PaginationInfo;
}
interface PaginationInfo {
/** Current page number */
page: number;
/** Number of items per page */
limit: number;
/** Total number of items */
total: number;
}
type TokenType = 'api_token' | 'signing_key';
interface TokenPermissions {
/** Video asset permissions */
video_assets?: Array<'read' | 'write' | 'delete'>;
/** Live stream permissions */
live_streams?: Array<'read' | 'write' | 'delete'>;
/** Data analytics permissions */
data?: Array<'read'>;
/** System permissions */
system?: Array<'read' | 'write'>;
}Install with Tessl CLI
npx tessl i tessl/npm-mux--mux-nodedocs