Skip to main content

Before going to production

Steps to take before taking your integration to production

Ensure your API keys are secured

You are responsible for keeping your API keys secure, this means that they should not be publicly exposed or leaked. Otherwise, a malicious attacker could use your API key to make requests on your behalf.

Do not store your API key on the client side

Requests to our API should be made from your secure back-end and should not come from your client side. You should securely access the API key from your back end. Storing the API key on the front end exposes the API key

Don’t store your API key directly in your code.

You should instead use secure environment variables or secrets. Avoid leaking your keys in your git history even if your repository is private.

Use optimal audio formats

While we support many different audio formats, for optimal latency and performance we recommend that you use the recommended audio requirements.

Implement retrying with exponential back-off

During intense spikes of traffic the API may return rate limit 429 errors or rare 500 errors as the service scales up. Implementing a retry with exponential back-off strategy in your application code allows your service to mitigate these transient errors.

Implementing exponential back-off retries involves momentarily pausing requests when an error arises, before attempting the same request once again. If the subsequent attempt proves unsuccessful, the duration of pause is extended before repeating the same process. This cycle persists until the request goes through successfully or until the predefined limit for retries has been hit.

There exists many libraries to help implement an exponential back-off retry strategy, here are some options in different languages:

Python: https://github.com/jd/tenacity

NodeJS/JS: https://www.npmjs.com/package/exponential-backoff

Setup additional request headers for analytics

To help us track your requests and better support you, you should setup these additional headers in your requests

x-user-id: A unique identifier for the end user that made the request. This should be unique and anonymous. For example a UUID or an integer. This allows us to track your number of users and identify requests made by a specific user.

🚧 Per user plan: If you are on a per monthly active user subscription then the headers mentioned above are required.