Authentication
The Voicy API uses API keys for authentication. All requests must include your API key in theAuthorization header.
API Key Format
Voicy API keys follow this format:voicy_sk_live_- Prefix identifying this as a Voicy secret keyxxxx...- 28 characters of cryptographically random data
Using Your API Key
Include the API key as a Bearer token in theAuthorization header:
Creating API Keys
Log in to the Dashboard
Go to app.voicy.co and sign in with your account.
Navigate to Account Settings
Click on Account in the sidebar (for account admins) or go to Accounts and select your account (for global admins).
Create a New Key
Click Create Key and give it a descriptive name (e.g., “Production”, “Development”).
API keys are scoped to your account. All calls made with a key will only access data within that account.
Key Security
Storage Best Practices
| Do | Don’t |
|---|---|
| Store in environment variables | Commit to git repositories |
| Use secrets management (AWS Secrets Manager, etc.) | Hardcode in application code |
| Rotate keys periodically | Share keys between environments |
| Use separate keys for dev/staging/prod | Log full API keys |
How Keys Are Stored
Your API keys are stored securely using industry-standard practices:- Never stored in plaintext - We only store a SHA-256 hash
- Prefix stored separately - Enables fast O(1) lookup
- Same pattern as Stripe, GitHub, OpenAI
Revoking Keys
If a key is compromised:- Go to Account Settings in the dashboard
- Find the compromised key in the list
- Click the menu (⋮) and select Revoke
- The key is immediately invalidated
401 Unauthorized on all subsequent requests.
Rate Limits
API keys are subject to rate limits based on your plan:| Plan | Requests/minute | Concurrent calls |
|---|---|---|
| Standard | 60 | 10 |
| Enterprise | 600 | 100 |