For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
DocumentationAPI ReferenceSelf HostModel CardsClient LibrariesIntegrationsDeveloper ToolsChangelog
DocumentationAPI ReferenceSelf HostModel CardsClient LibrariesIntegrationsDeveloper ToolsChangelog
  • Getting Started
    • Introduction
    • Prerequisites
    • Why Self-Host?
    • Architecture
  • Docker Setup
  • Kubernetes Setup
    • Quick Start
    • Troubleshooting
  • Troubleshooting
    • Common Issues
    • Debugging Guide
    • Logs Analysis
  • API Reference
    • Authentication
    • Examples
LogoLogo
Voice AgentsModels
Voice AgentsModels
On this page
  • Overview
  • Authentication Method
  • Authorization Header
  • Example Requests
  • Response Codes
  • Error Responses
  • 401 Unauthorized
  • 403 Forbidden
  • 429 Rate Limited
  • Security Best Practices
  • SDK Integration
  • Python SDK
  • JavaScript SDK
  • Testing Authentication
  • Health Check (No Auth Required)
  • Verify License Key
  • What’s Next?
API Reference

Authentication

||View as Markdown|
Was this page helpful?
Previous

Logs Analysis

Next

Health Check

Built with

Overview

All API requests to Smallest Self-Host require authentication using your license key. This ensures only authorized clients can access the speech-to-text service.

Authentication Method

Smallest Self-Host uses Bearer token authentication with your license key.

Authorization Header

Include your license key in the Authorization header:

1Authorization: Token YOUR_LICENSE_KEY

Example Requests

cURL
Python
JavaScript
Go
$curl -X POST http://localhost:7100/v1/listen \
>  -H "Authorization: Token ${LICENSE_KEY}" \
>  -H "Content-Type: application/json" \
>  -d '{
>    "url": "https://example.com/audio.wav"
>  }'

Response Codes

CodeStatusDescription
200OKRequest successful
400Bad RequestInvalid request parameters
401UnauthorizedInvalid or missing license key
403ForbiddenLicense expired or quota exceeded
429Too Many RequestsRate limit exceeded
500Internal Server ErrorServer error
503Service UnavailableService temporarily unavailable

Error Responses

401 Unauthorized

1{
2  "error": "Invalid license key",
3  "code": "INVALID_LICENSE"
4}

Solutions:

  • Verify license key is correct
  • Check Authorization header format
  • Ensure license hasn’t expired

403 Forbidden

1{
2  "error": "License expired",
3  "code": "LICENSE_EXPIRED",
4  "expires_at": "2024-12-31T23:59:59Z"
5}

Solutions:

  • Renew license with Smallest.ai
  • Contact support@smallest.ai

429 Rate Limited

1{
2  "error": "Rate limit exceeded",
3  "code": "RATE_LIMIT_EXCEEDED",
4  "retry_after": 60
5}

Solutions:

  • Wait and retry after specified seconds
  • Implement exponential backoff
  • Contact support for higher limits

Security Best Practices

Secure Key Storage

Never hardcode license keys in source code.

Use environment variables:

$export LICENSE_KEY="your-license-key-here"

Or secret managers:

  • AWS Secrets Manager
  • HashiCorp Vault
  • Kubernetes Secrets
Use HTTPS in Production

Always use HTTPS for API requests in production:

1const API_URL = "https://api.example.com";

Configure TLS:

1apiServer:
2  tls:
3    enabled: true
4    certSecretName: "api-server-tls"
Rotate Keys Regularly

Implement key rotation policy:

  • Rotate keys every 90 days
  • Use different keys for dev/staging/prod
  • Revoke compromised keys immediately
Monitor Usage

Track API usage to detect anomalies:

  • Unusual traffic patterns
  • Failed authentication attempts
  • Quota approaching limits
Implement Rate Limiting

Add client-side rate limiting:

1from ratelimit import limits, sleep_and_retry
2
3@sleep_and_retry
4@limits(calls=100, period=60)
5def call_api():
6    response = requests.post(...)
7    return response

SDK Integration

Python SDK

$pip install smallest-client
1from smallest import Client
2
3client = Client(
4    api_url="http://localhost:7100",
5    license_key="your-license-key-here"
6)
7
8result = client.transcribe_url("https://example.com/audio.wav")
9print(result.text)

JavaScript SDK

$npm install @smallest/client
1import { SmallestClient } from '@smallest/client';
2
3const client = new SmallestClient({
4  apiUrl: 'http://localhost:7100',
5  licenseKey: 'your-license-key-here'
6});
7
8const result = await client.transcribeUrl('https://example.com/audio.wav');
9console.log(result.text);

SDKs automatically handle authentication, retries, and error handling.

Testing Authentication

Health Check (No Auth Required)

$curl http://localhost:7100/health

Expected response:

1{
2  "status": "healthy"
3}

Verify License Key

$curl -X POST http://localhost:7100/v1/listen \
>  -H "Authorization: Token ${LICENSE_KEY}" \
>  -H "Content-Type: application/json" \
>  -d '{"url": "https://example.com/test.wav"}'

Successful authentication returns transcription results.

What’s Next?

Transcription Endpoint

Learn about the transcription API

Health Check

Monitor service health

Examples

See complete integration examples