Authentication

Authenticate your API requests using API keys

Overview

All API requests require a valid API key in the Authorization header:

Authorization: Bearer YOUR_API_KEY

Without this header, requests return 401 Unauthorized.

Getting an API key

  1. Sign in to the Speechify Console
  2. Navigate to API Keys
  3. Copy your default key, or create a new one

Set the SPEECHIFY_API_KEY environment variable and our SDKs will authenticate automatically — no need to pass the key in code.

Authenticate the SDK

Set SPEECHIFY_API_KEY and let the SDK read it automatically, or pass the key explicitly:

from speechify import Speechify

# Reads SPEECHIFY_API_KEY from the environment
client = Speechify()

# ...or pass it explicitly
client = Speechify(api_key="your-api-key")

Make an authenticated request

A complete authenticated call — generated from our SDKs and the API spec, so the request (including the Authorization header in the cURL tab) stays in sync with the live endpoint:

GET /v1/voices

curl https://api.speechify.ai/v1/voices \
  -H "Authorization: Bearer <token>"

Security best practices

API keys grant full access to your account, including creating/deleting voices and generating audio at your expense. Treat them like passwords.

Do

  • Store keys in environment variables or secret managers
  • Use server-side code to make API calls
  • Add .env to your .gitignore
  • Rotate keys periodically via the Console

Don’t

  • Embed keys in client-side code (JavaScript bundles, mobile apps)
  • Commit keys to version control, even in private repos
  • Share keys over unencrypted channels

Platform-specific secret management

Platform     | Documentation
Vercel       | Environment Variables
Netlify      | Environment Variables
Google Cloud | Secret Manager
AWS          | Secrets Manager

Server-side proxy pattern

If your frontend needs to call the API, set up a server-side proxy instead of exposing the key:

Client → Your Server (adds API key) → Speechify API

Always authenticate your own users before proxying requests. An open proxy allows anyone to make API calls at your expense.

Key considerations:

  • Create specific proxy endpoints (not a wildcard passthrough)
  • Validate and sanitize inputs before forwarding
  • Add rate limiting to prevent abuse
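
A sketch of this pattern in Python, added here as an illustration and not taken from Speechify's SDK or documentation. The /api/voices route, the SESSIONS store and the rate-limit numbers are assumptions; only GET /v1/voices and SPEECHIFY_API_KEY come from this page. The route forwards no client-supplied data, so the allowlist lookup is the input validation.

```python
import os
import time
import urllib.error
import urllib.request
from collections import defaultdict, deque

UPSTREAM = "https://api.speechify.ai"
# Explicit allowlist: (method, local path) -> upstream path. No wildcard passthrough.
ROUTES = {("GET", "/api/voices"): "/v1/voices"}
# Constructed session store; a real app would use its own login/session system.
SESSIONS = {"sess-alice": "alice"}
RATE_LIMIT, WINDOW_SECONDS = 5, 60.0   # assumed per-user budget
_recent = defaultdict(deque)           # user -> timestamps of recent requests


def call_speechify(upstream_path):
    """Forward to Speechify; the key stays on the server, read from the environment."""
    req = urllib.request.Request(
        UPSTREAM + upstream_path,
        headers={"Authorization": "Bearer " + os.environ["SPEECHIFY_API_KEY"]},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:   # pass 401/402/429 through to the caller
        return err.code, err.read()


def handle(method, path, session_token, forward=call_speechify, now=None):
    """Return (status, body) for one client request to the proxy."""
    user = SESSIONS.get(session_token)
    if user is None:                         # authenticate our own user first
        return 401, b"login required"
    upstream_path = ROUTES.get((method, path))
    if upstream_path is None:                # anything not allowlisted is refused
        return 404, b"not found"
    now = time.monotonic() if now is None else now
    hits = _recent[user]
    while hits and now - hits[0] >= WINDOW_SECONDS:
        hits.popleft()                       # drop timestamps outside the window
    if len(hits) >= RATE_LIMIT:
        return 429, b"rate limit exceeded"
    hits.append(now)
    return forward(upstream_path)
```

Call handle() from whatever web framework serves your frontend; the forward parameter exists so the checks can be exercised without network access.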

Error responses

Status                | Meaning                            | Action
401 Unauthorized      | Missing or invalid API key         | Check your Authorization header
402 Payment Required  | Insufficient balance               | Add funds to your account
429 Too Many Requests | Rate or concurrency limit exceeded | Back off and retry after the Retry-After header value

Access Tokens were previously available for client-side authentication via the POST /v1/auth/token endpoint. This method is now deprecated.

All applications should use API keys with a server-side proxy pattern instead. If you’re currently using Access Tokens, migrate to API keys at your earliest convenience.