Authentication
The VocaBusta Voice API uses Satryx API keys for server-to-server authentication. Each key identifies a single user or team and is billed + rate-limited independently.
Key format
Two prefixes distinguish production from sandbox traffic:
| Prefix | Use for | Billing |
|---|---|---|
satryx_live_… | Production traffic | Counted toward your paid plan |
satryx_test_… | Development, CI, experiments | Billed separately, ignored by prod dashboards |
Both environments hit the same endpoints — the prefix is purely for isolation and analytics.
Sending the key
Every /voice/* endpoint accepts the standard Authorization: Bearer header:
POST /voice/tts HTTP/1.1
Host: api.satryx.ai
Authorization: Bearer satryx_live_abc123...
Content-Type: application/json
Our SDKs do this for you — pass the key to the client or set SATRYX_API_KEY in
the environment.
The VocaBusta entitlement
Authentication proves who you are; the VocaBusta entitlement proves you're
allowed to use the voice engine. The generation endpoints —
/voice/tts, /voice/tts/stream, /voice/stt, /voice/clone and all
/voice/dub/* — require an active VocaBusta subscription on the account.
| Situation | Result |
|---|---|
| Valid key and VocaBusta active | 200 — request runs |
| Missing / invalid key | 401 — authentication failed |
| Valid key, VocaBusta not active | 403 — "VocaBusta is not active for this account. Manage it in Billing." |
| Subscription service unreachable | 503 — retry shortly |
The read-only GET /voice/voices catalog is ungated, so you can browse and
audition voices before subscribing.
Activate or manage VocaBusta in Billing at satryx.ai.
Creating keys
At satryx.ai/account/api-keys:
- Click New key.
- Name it something you'll recognize (
Production backend,CI e2e tests, …). - Pick Live or Test.
- (Optional) Set a per-minute rate limit for this key. Leaving it blank uses your account default.
- Copy the key now. This is the only time it will ever be displayed.
Rotation
Rotate a key by creating a new one, switching traffic, then revoking the old one:
- Create a new key with the same name +
-v2. - Deploy it to your service and wait for the rollout to finish.
- Revoke the old key from the dashboard.
Revocation is immediate — the next request with a revoked key returns 401.
Never commit keys
- Put keys in environment variables or a secrets manager.
- Add
.envto.gitignore. - If a key leaks to git, revoke it immediately. History rewrites don't reach every mirror.