Getting Started
Authentication
All SAUTI API requests are authenticated with the xi-api-key header. This page covers how to pass the key and what to expect when auth fails.
API keys
Every request to the SAUTI API must include an API key. Keys are issued manually — email hello@finiflowlabs.com with your use case and expected volume.
Keys are currently issued on request only. Self-serve key management via a developer dashboard is on the roadmap.
Sending your key
Pass the key in the xi-api-key HTTP header on every request.
http
xi-api-key: YOUR_KEYbash
curl -X POST https://sauti.finiflowlabs.com/v1/text-to-speech/sauti-swahili-v1 \
-H "xi-api-key: YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"text": "Karibu"}'Do not pass the key as a query parameter. It will not be recognised and your request will receive a 401.
Security best practices
- Never expose your key in client-side JavaScript, mobile app bundles, or public repositories.
- Store keys in environment variables (
SAUTI_API_KEY) and load them server-side. - If a key is compromised, email hello@finiflowlabs.com immediately — we will revoke it and issue a replacement.
Authentication errors
A missing or invalid key returns HTTP 401 with a RFC 7807 problem detail body.
json
{
"type": "https://sauti.finiflowlabs.com/errors/unauthorized",
"title": "Unauthorized",
"status": 401,
"detail": "API key is missing or invalid."
}