Authentication
Learn how to authenticate your requests to the Nur API.
API Keys
All API requests require authentication using a Bearer token. You can generate API keys from the Nur Dashboard. Each key begins with the prefix nur_.
Using the SDK
The SDKs automatically read from the NUR_API_KEY environment variable, or you can pass the key explicitly.
Key Scopes
API keys can be scoped to specific products and permissions. Use restricted keys in production to follow the principle of least privilege.
| Scope | Access | Description |
|---|---|---|
| tts:read | Text to Speech | Generate speech from text |
| tts:write | Text to Speech | Generate speech + manage voice settings |
| stt:read | Speech to Text | Transcribe audio files and streams |
| voices:read | Voices | List and retrieve voice information |
| voices:write | Voices | Clone, update, and delete voices |
| agents:read | Voice Agents | List and retrieve agents |
| agents:write | Voice Agents | Create, update, and delete agents |
| dubbing:write | AI Dubbing | Create and manage dubbing jobs |
| music:write | Music Generation | Generate and manage music tracks |
| audio:write | Audio Tools | Denoise and enhance audio files |
| * | All | Full access to all endpoints |
Security Best Practices
Never expose keys in client-side code
API keys should only be used on the server. Use a backend proxy for browser-based apps.
Use environment variables
Store keys in environment variables, never hard-code them in source files.
Rotate keys regularly
Generate new keys periodically and revoke old ones from the Dashboard.
Use scoped keys in production
Create keys with minimum required scopes for each service or deployment.
Monitor usage
Check the Dashboard for unusual API usage patterns that might indicate a leaked key.
Authentication Errors
If authentication fails, the API returns one of these errors: