Skip to main content

Authentication

Every request to the VoiceLab360 API must include a valid API key in the Authorization header using the Bearer scheme.
API keys are tied to your workspace and environment. Sandbox keys are prefixed vl360_test_. Production keys are prefixed vl360_live_.

Security requirements

  • Never expose your API key in client-side code, browser JavaScript, or public repositories
  • Store keys in environment variables or a secrets manager
  • Rotate keys immediately if they are compromised
  • Use one key per environment — never share a production key across projects

Error responses

A missing or invalid key returns HTTP 401 with error code UNAUTHORIZED. A revoked key returns HTTP 403 with error code FORBIDDEN. See Errors for the full error reference.