# Authentication & API Keys

> Create and manage SLNG keys in the Dashboard, then authenticate requests over HTTP and WebSocket, including key rotation and bringing your own provider key.

All requests authenticate with an SLNG key. Create and manage keys in the [Dashboard](https://app.slng.ai/api-keys).

| Placeholder    | Replace with                                                          |
| -------------- | --------------------------------------------------------------------- |
| `SLNG_API_KEY` | An SLNG key from [app.slng.ai/api-keys](https://app.slng.ai/api-keys) |

## Create and delete keys

Keys are created and deleted from the [API Keys](https://app.slng.ai/api-keys) page in the Dashboard. The secret value is shown once, at creation time. Copy it into your secret store immediately, because you cannot retrieve it later.

<Warning>
  SLNG keys are secrets. Store them server-side, never embed them in client code, and delete any key that may have been exposed.
</Warning>

## One key, every host

You use the same SLNG key across SLNG hosts:

| API             | Host                         | Use for                                                 |
| --------------- | ---------------------------- | ------------------------------------------------------- |
| Execution layer | `https://api.slng.ai`        | Requests across all models in the platform              |
| Models          | `https://api.slng.ai`        | Real-time TTS, STT, bridges, pronunciation dictionaries |
| Managed Agents  | `https://api.agents.slng.ai` | Create and manage voice agents under `/v1/agents`       |
| Batch API       | `https://api.batch.slng.ai`  | Asynchronous batch transcription endpoints              |

## Authenticate over HTTP

Pass the key as a bearer token in the `Authorization` header:

```bash highlight={2}
curl https://api.slng.ai/v1/tts/slng/deepgram/aura:2 \
  -H "Authorization: Bearer SLNG_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"text": "Hello from SLNG!"}' \
  --output hello.wav
```

## Authenticate over WebSocket

Pass the key on the WebSocket upgrade request, either as an `Authorization` header or as a `token` query parameter when the client cannot set headers:

```text
wss://api.slng.ai/v1/tts/slng/deepgram/aura:2?token=SLNG_API_KEY
```

<Note>
  The browser WebSocket API does not support custom headers. Use the `token` query parameter from the browser, or set the `Authorization` header from a server-side client.
</Note>
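
The `token` query parameter puts the key in the URL, and URLs are commonly written to access and application logs. The following added example (not SLNG's code) is a Python logging filter that masks the three places this page puts a credential: the `token` parameter, the `Authorization` bearer header, and the `X-Slng-Provider-Key` header. The names `redact` and `RedactSlngSecrets` and the sample log lines are constructed for illustration.

```python
import logging
import re

REDACTED = "[REDACTED]"

# `token` query parameter on the WebSocket upgrade URL.
_TOKEN_PARAM = re.compile(r"([?&]token=)[^&#\s\"']+", re.IGNORECASE)

# `Authorization: Bearer <key>` and `X-Slng-Provider-Key: <key>`,
# in plain header form or as quoted JSON-style key/value pairs.
_SECRET_HEADER = re.compile(
    r"\b(authorization|x-slng-provider-key)(\"?\s*[:=]\s*\"?)(bearer\s+)?[^\s\"',]+",
    re.IGNORECASE,
)


def redact(text: str) -> str:
    """Mask SLNG credentials in a log line, keeping the rest intact."""
    text = _TOKEN_PARAM.sub(lambda m: m.group(1) + REDACTED, text)
    return _SECRET_HEADER.sub(
        lambda m: m.group(1) + m.group(2) + (m.group(3) or "") + REDACTED,
        text,
    )


class RedactSlngSecrets(logging.Filter):
    """Logging filter that redacts the fully formatted message."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # message is already formatted
        return True


# Constructed sample log lines; the key values are placeholders, not real keys.
SAMPLE_LINES = [
    "GET wss://api.slng.ai/v1/tts/slng/deepgram/aura:2?token=constructed-key-123 101",
    "upstream headers: Authorization: Bearer constructed-key-123, "
    "X-Slng-Provider-Key: constructed-provider-456",
]

if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.addFilter(RedactSlngSecrets())
    log = logging.getLogger("slng-client")
    log.addHandler(handler)
    for line in SAMPLE_LINES:
        log.warning("%s", line)
```

Attach the filter to every handler that can receive request URLs or headers. It only covers logs your own process writes, so proxies and other intermediaries need their own redaction.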

## Rotate a key

Keys cannot be rotated in place. To replace a key without downtime:

<Steps>
  <Step title="Create the new key">
    Generate a new key in the Dashboard and store its secret value.
  </Step>

  <Step title="Roll callers over">
    Update each caller to use the new key: backend services and any local environments. Verify traffic on the new key before continuing.
  </Step>

  <Step title="Delete the old key">
    Once no caller is using the old key, delete it from the Dashboard. Any request still presenting the deleted key starts failing with `401 Unauthorized`.
  </Step>
</Steps>

Deleting a key invalidates it for all future requests. If a key may have been exposed, create a replacement first, then delete the compromised one.

## Bring your own provider key

To run synthesis or transcription against your own upstream provider account, add the `X-Slng-Provider-Key` header alongside your SLNG key. Read the full guide to [Bring Your Own Key setup](/execution-layer/byok).

## Errors

A missing or invalid key returns `HTTP 401`, or an `auth_error` frame over WebSocket. See [Error Codes & Troubleshooting](/reference/errors).
