Zeligate VoiceDeveloper docs
v1.3.0Sign in

Get started / Authentication

Authentication

The API authenticates with an Authorization: Bearer token. Auth is configured on the box, so a public deployment requires a key while an embedded loopback box can run open.

API keys

Set one or more keys on the server and send it on every /v1 request:

  • Single keyZELI_API_KEY=sk-zeli-...
  • Multiple keysZELI_API_KEYS=sk-zeli-a,sk-zeli-b (comma-separated)
Unset means open

If neither variable is set, the API is open — correct for a loopback/embedded box, wrong for a public one. Always set a key before exposing the box to a network.

Sending the key

Send the key as an Authorization: Bearer header.

curl -X POST "https://voice.your-domain.com/v1/text-to-speech/zeli-voice-1" \
  -H "Authorization: Bearer sk-zeli-..." \
  -H "Content-Type: application/json" \
  -d '{"text":"Authenticated with a Bearer token."}' --output out.mp3

WebSocket authentication

The realtime stream-input WebSocket reads the key from either of two places:

  1. The BOS message field authorization (a Bearer sk-zeli-... token).
  2. A ?authorization=Bearer%20sk-zeli-... query parameter (for browser clients that can't set headers).
{ "text": " ", "authorization": "Bearer sk-zeli-...", "voice_settings": { "stability": 0.5 } }

See Realtime WebSocket for the full protocol.

Errors

Auth failures use the ZeliSpeech error envelope:

{ "detail": { "status": "missing_api_key", "message": "..." } }
Status codestatusWhen
401missing_api_keyAuth is required but no key was sent
401invalid_api_keyThe key sent isn't recognized

See Errors for the complete list.

Provisioning a public box

Checklist
  1. Set ZELI_API_KEY (or ZELI_API_KEYS) on the box.
  2. Terminate TLS in front — clients expect https://.
  3. Optionally pin the swap-out voice with ZELI_EL_DEFAULT_VOICE=zeli-voice-1.

Per-key concurrency limits, queueing, and 429 rate limiting are on the roadmap (the engine is batch-1, so concurrency control matters for public boxes).

Zeligate Voice API · self-hosted · secure data sovereignty · source