Yes — Timeless now has a public API.
You can use it to retrieve your meetings, transcripts, recordings, AI-generated documents, and rooms — and set up webhooks to get notified when meetings are processed.
Full documentation: docs.timeless.day/api-reference/introduction
What's available
Feature | Description |
List meetings | Retrieve your meetings with filtering by date, status, participant, and more |
Get transcript | Fetch the full speaker-identified, timestamped transcript for any meeting |
Get recording | Download a temporary URL to the meeting recording |
Get document | Retrieve AI-generated summaries, action items, and notes |
List rooms | Retrieve rooms that group related meetings |
Upload media | Upload an audio or video file for Timeless to process |
Webhooks | Get notified when a meeting transcript or summary is ready |
Who has access
The API is available on the MAX and Business plans. It is not included in Free or Pro.
To generate your API token, go to: my.timeless.day/api-token
Authentication
Include your token in every request using the Authorization header:
bash
curl https://api.timeless.day/v1/meetings \ -H "Authorization: Bearer YOUR_API_TOKEN"
Tokens are 64-character hex strings. Keep them secret.
Webhooks
Webhooks let Timeless push a notification to your server when something happens, so you don't have to poll.
Supported events:
meeting.transcript_ready— fires when the transcript is availablemeeting.initial_summary_ready— fires when the AI summary is ready
To register a webhook:
bash
curl -X POST https://api.timeless.day/v1/webhooks \ -H "Authorization: Bearer YOUR_API_TOKEN" \ -H "Content-Type: application/json" \ -d '{ "url": "https://your-server.com/webhooks/timeless", "events": ["meeting.transcript_ready", "meeting.initial_summary_ready"] }' The response includes a secret — save it immediately, it's only shown once. You'll use it to verify that incoming requests genuinely came from Timeless.
Verifying signatures:
Every webhook delivery includes an X-Webhook-Signature header in the format sha256=<hex>. Verify it like this:
python
import hashlib, hmac def verify_signature(payload: bytes, signature_header: str, secret: str) -> bool: expected = hmac.new(secret.encode(), payload, hashlib.sha256).hexdigest() received = signature_header.removeprefix("sha256=") return hmac.compare_digest(expected, received) javascript
const crypto = require("crypto"); function verifySignature(payload, signatureHeader, secret) { const expected = crypto.createHmac("sha256", secret).update(payload).digest("hex"); const received = signatureHeader.replace("sha256=", ""); return crypto.timingSafeEqual(Buffer.from(expected), Buffer.from(received)); } Always use a constant-time comparison to prevent timing attacks.
Retry behavior:
Deliveries time out after 10 seconds
Your endpoint must return a
2xxstatus to confirm receiptFailed deliveries are retried up to 3 times (after 1s, 10s, 60s)
Retries happen for 5xx errors, 429s, and network failures — not for 4xx client errors
Rate limits
Endpoint | Limit |
Most endpoints | 60 requests/minute |
Webhook creation | 20 requests/minute |
File upload | 10 requests/minute |
Every response includes X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset headers.
Need help? Reach out at hey@magical.team