Skip to main content
All requests authenticate with an SLNG key. Create and manage keys in the Dashboard.
PlaceholderReplace with
SLNG_API_KEYAn SLNG key from app.slng.ai/api-keys

Create and delete keys

Keys are created and deleted from the API Keys page in the Dashboard. The secret value is shown once, at creation time. Copy it into your secret store immediately, because you cannot retrieve it later.
SLNG keys are secrets. Store them server-side, never embed them in client code, and delete any key that may have been exposed.

One key, every host

You use the same SLNG key across SLNG hosts:
APIHostUse for
Execution layerhttps://api.slng.aiAcross all models in the platform
Modelshttps://api.slng.aiReal-time TTS, STT, bridges, pronunciation dictionaries
Managed Agentshttps://api.agents.slng.aiCreate and manage voice agents under /v1/agents
Batch APIhttps://api.batch.slng.aiAsynchronous batch transcription endpoints

Authenticate over HTTP

Pass the key as a bearer token in the Authorization header: 
curl https://api.slng.ai/v1/tts/slng/deepgram/aura:2 \
  -H "Authorization: Bearer SLNG_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"text": "Hello from SLNG!"}' \
  --output hello.wav

Authenticate over WebSocket

Pass the key on the WebSocket upgrade request, either as an Authorization header or as a token query parameter when the client cannot set headers: 
wss://api.slng.ai/v1/tts/slng/deepgram/aura:2?token=SLNG_API_KEY
The browser WebSocket API does not support custom headers. Use the token query parameter from the browser, or set the Authorization header from a server-side client.

Rotate a key

Keys cannot be rotated in place. To replace a key without downtime:
1

Create the new key

Generate a new key in the Dashboard and store its secret value.
2

Roll callers over

Update each caller to use the new key: backend services and any local environments. Verify traffic on the new key before continuing.
3

Delete the old key

Once no caller is using the old key, delete it from the Dashboard. Any request still presenting the deleted key starts failing with 401 Unauthorized.
Deleting a key invalidates it for all future requests. If a key may have been exposed, create a replacement first, then delete the compromised one.

Bring your own provider key

To run synthesis or transcription against your own upstream provider account, add the X-Slng-Provider-Key header alongside your SLNG key. Read the full guide to Bring Your Own Key setup.

Errors

A missing or invalid key returns HTTP 401, or an auth_error frame over WebSocket. See Error Codes & Troubleshooting.