Daily.co — Account Setup
Create a Daily.co account, find your API key, and understand the platform before writing any code.
The Scenario That Explains the Upgrade
You launched your CA consultation platform. Meetings are coming in. A CA reports that a random person joined their client session — they had guessed the Jitsi room name from the appointment ID pattern in the URL. Now a client's financial details were overheard by a stranger.
This is the fundamental limitation of Jitsi's "room name = security" model. Once your room names follow a predictable pattern — and they will, because your appointment IDs are sequential — anyone who figures out the pattern can join any room.
Daily.co solves this completely. You create a room on your server. You control who gets access. You issue participant tokens — like entry passes to an event — and only participants with a valid token can join. The room URL itself is meaningless without the token.
Excel analogy: Jitsi is like a shared Google Sheet — anyone with the link can view it. Daily.co is like a protected sheet where you explicitly grant access to specific email addresses. The underlying data might be similar, but the access model is fundamentally different.
What Is Daily.co
Daily.co is a video infrastructure company. They provide:
- A REST API for creating and managing video rooms
- A JavaScript/React SDK (
@daily-co/daily-react) for embedding the room in your app - Recording, live streaming, transcription (paid tiers)
- Detailed analytics and logs
You pay per minute of video used. The free tier gives you 1,000 minutes per month — enough to run a production pilot with real users before any payment is needed.
1,000 minutes per month = roughly 16 hours of video. For a small CA firm doing 4–5 consultations per week at 30 minutes each, that is about 2–3 months of free usage before you need to upgrade.
Creating Your Account
Go to daily.co and click Get started for free.
Sign up with your email address. Verify your email when the confirmation arrives.
You will be taken to the Daily.co dashboard. The URL will contain your domain name, something like:
https://dashboard.daily.co/
Your subdomain is assigned automatically (e.g., yourname.daily.co). You can set a custom domain later.
Note your domain. It looks like: yourname.daily.co
This is important — all room URLs follow the pattern: https://yourname.daily.co/room-name
Finding Your API Key
The API key is how your server authenticates with Daily.co's API. It is a secret. Keep it secret.
In the Daily.co dashboard, click Developers in the left sidebar.
Click API Keys in the submenu.
You will see a key that starts with something like d7f.... This is your live API key.
Click Copy to copy it.
Do not close this page yet. Also note your domain name — you'll need both.
The API key is your master password to Daily.co. Anyone who has it can create and delete rooms on your account. Never put it in your frontend code. Never commit it to git. Never paste it in a WhatsApp message. It goes into Supabase secrets only — covered in the next step.
Understanding API Key vs Domain
Two separate things — easy to confuse:
| What it is | Example | Where it goes | |
|---|---|---|---|
| API Key | Your authentication credential for the REST API | d7f3a... (long random string) | Supabase secret — server only |
| Domain | Your Daily.co subdomain | myapp.daily.co | Frontend is fine — not secret |
The domain goes in your frontend code because it forms part of room URLs that users visit. The API key stays on the server because it's used to create and manage rooms.
Saving the API Key to Supabase Secrets
For production, the API key must live in Supabase secrets (not .env). Here's why: .env files can accidentally end up in git, in logs, or in error messages. Supabase secrets are encrypted at rest and only accessible inside edge functions.
Go to your Supabase project dashboard.
Click Edge Functions → Secrets.
Click Add new secret.
Set:
- Name:
DAILY_CO_API_KEY - Value: Paste your API key here
Click Save.
Add a second secret:
- Name:
DAILY_CO_DOMAIN - Value:
yourname.daily.co(your Daily.co subdomain)
Inside your Supabase edge functions, you access these as:
They are never exposed to the browser.
For Local Development
During local development, you can temporarily put the API key in your .env file for testing — but only in a variable that is NOT prefixed with VITE_ (which would expose it to the browser).
In your Supabase edge function running locally with supabase functions serve, it reads from .env automatically.
Double-check your .gitignore has .env listed before you paste this key. If .env is not in .gitignore, add it now before doing anything else.
Dashboard Overview
While you have the dashboard open, note these sections — you will use them:
Rooms — Lists all rooms you have created via the API. Useful for debugging.
Logs — Shows API call history. If a room creation fails, the error appears here.
Usage — Shows minutes consumed. Tells you when you are approaching the free tier limit.
Developers → API Reference — The official API documentation. Well-written, with examples for every endpoint.
Saving the Credential to VaultMate
Per project security standards, save the API key to VaultMate now before moving on:
You Are Ready
With your account set up and your API key secured, the next step is using the API to create rooms. That is where the real power of Daily.co becomes clear.