Token-Based Auth
Token-Based Auth
Generates a temporary JSON Web Token (JWT) with a 30-second TTL (Time To Live) for Deepgram APIs.
Token-Based Auth
Generates a temporary JSON Web Token (JWT) with a 30-second TTL (Time To Live) for Deepgram APIs.
A temporary token is a secure, authentication credential that provides time-limited access to Deepgram’s APIs. These tokens have a 30 second Time To Live (TTL) and are designed specifically for short-lived, secure API access scenarios, particularly in client-side applications where long-term credential storage is not recommended. Unlike traditional API keys, temporary tokens are ideal for real-time applications requiring secure, temporary access to Deepgram’s services.
Temporary tokens are ideal for client-side/untrusted applications because they allow clients to directly access the Deepgram API. Normal API keys, to be secure, require proxying traffic through your own servers where the API key is stored.
Direct access to the Deepgram API is particularly useful for client-side/untrusted applications that are more latency-sensitive, like realtime connections.
To create a JWT token, you can use the /auth/grant endpoint using the Authorization header with the token scheme.
Replace YOUR_DEEPGRAM_API_KEY with your Deepgram API Key.
To use the JWT token, you can then pass it in the Authorization header of your request to any Deepgram API that supports token-based authentication using the Bearer scheme.
Replace YOUR_JWT_TOKEN with the JWT token you received from the /auth/grant endpoint.
{"err_code":"FORBIDDEN","err_msg":"Insufficient permissions."}
The API key you use for the /auth/grant request needs to have at least Member permissions.
To create a key with Member permissions, login to the Deepgram Console and click on “API Keys” from the left sidebar. Click the “Create Key” button, then select “Advanced” options and choose “Member” from the permissions dropdown.
Alternatively, you can create a key with Member permissions using the Create Key endpoint.
We recommend keeping your TTL as short as possible for security reasons, but for certain cases (e.g. mobile) a longer TTL may be required.
In this case, pass ttl_seconds : your_ttl in the request body. The max TTL supported is 3600 seconds (1 hour).
Yes! You only need the temporary token to be valid during the initial websocket connection to Deepgram’s APIs. The websocket connection will then stay open as it would in any other case until you close it.
Temporary tokens have usage::write permission for these Deepgram APIs:
/listen REST API - Speech to Text/listen WebSocket API - Speech to Text/speak REST API - Text to Speech/speak WebSocket API - Text to Speech/read REST API - Text Intelligence/agent WebSocket API - Voice AgentThese APIs will not work with temporary tokens:
Yes! You can use this token with speech-to-text pre-recorded requests. Just note that due to the short TTL you may need to request a new token before subsequent pre-recorded requests. Unless you have latency constraints, you’re likely better off just making the request from inside the proxy.
Yes. The Deepgram SDKs support token-based authentication. Please refer to the SDKs Feature Matrix page for more information.
Yes! The temporary tokens generated have the same accessor as the API key used to generate them.
What’s Next