For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
ExamplesConsole
OverviewText to SpeechAPI ReferenceChangelog
OverviewText to SpeechAPI ReferenceChangelog
  • Get Started
    • Overview
    • Quickstart
    • Authentication
    • Models
    • API Limits
    • Official SDKs
  • Features
    • Voice Cloning
    • Language Support
    • Streaming
    • Emotion Control
    • SSML
    • Speech Marks
LogoLogo
ExamplesConsole
On this page
  • Overview
  • Getting an API key
  • Using API keys
  • Security best practices
  • Do
  • Don’t
  • Platform-specific secret management
  • Server-side proxy pattern
  • Error responses
Get Started

Authentication

Authenticate your API requests using API keys
Was this page helpful?
Previous

Models

Choose the right text-to-speech model for your use case

Next
Built with

Overview

All API requests require a valid API key in the Authorization header:

Authorization: Bearer YOUR_API_KEY

Without this header, requests return 401 Unauthorized.

Getting an API key

  1. Sign in to the Speechify Console
  2. Navigate to API Keys
  3. Copy your default key, or create a new one

Set the SPEECHIFY_API_KEY environment variable and our SDKs will authenticate automatically — no need to pass the key in code.

Using API keys

Python
TypeScript
cURL
1from speechify import Speechify
2
3# Option 1: Automatic (reads SPEECHIFY_API_KEY env var)
4client = Speechify()
5
6# Option 2: Explicit
7client = Speechify(api_key="your-api-key")

Security best practices

API keys grant full access to your account, including creating/deleting voices and generating audio at your expense. Treat them like passwords.

Do

  • Store keys in environment variables or secret managers
  • Use server-side code to make API calls
  • Add .env to your .gitignore
  • Rotate keys periodically via the Console

Don’t

  • Embed keys in client-side code (JavaScript bundles, mobile apps)
  • Commit keys to version control, even in private repos
  • Share keys over unencrypted channels

Platform-specific secret management

PlatformDocumentation
VercelEnvironment Variables
NetlifyEnvironment Variables
Google CloudSecret Manager
AWSSecrets Manager

Server-side proxy pattern

If your frontend needs to call the API, set up a server-side proxy instead of exposing the key:

Client  →  Your Server (adds API key)  →  Speechify API

Always authenticate your own users before proxying requests. An open proxy allows anyone to make API calls at your expense.

Key considerations:

  • Create specific proxy endpoints (not a wildcard passthrough)
  • Validate and sanitize inputs before forwarding
  • Add rate limiting to prevent abuse

Error responses

StatusMeaningAction
401 UnauthorizedMissing or invalid API keyCheck your Authorization header
402 Payment RequiredInsufficient balanceAdd funds to your account
429 Too Many RequestsRate or concurrency limit exceededBack off and retry after the Retry-After header value
Deprecated: Access Tokens (JWT)

Access Tokens were previously available for client-side authentication via the POST /v1/auth/token endpoint. This method is now deprecated.

All applications should use API keys with a server-side proxy pattern instead. If you’re currently using Access Tokens, migrate to API keys at your earliest convenience.