Authentication
Partner keys, endpoint scopes, and the edge trust boundary.
Bearer keys
Pass your partner key on every request except health:
Authorization: Bearer sg_live_…Keys are scoped per capability. Available scopes are lookup, search, citations, leads,
resolve, translate, and transcribe. Account usage and credit endpoints require any valid key
and can only return that key's account data.
| status | meaning |
|---|---|
401 | key is missing or unknown |
403 | key is valid but lacks the required scope |
503 | the usage ledger could not open or settle the metered invocation |
The edge boundary
The Cloudflare Worker validates the hashed key, checks scope, removes the customer bearer, and forwards only trusted identity headers to the origin. Raw audio remains a byte stream; it is not converted to text or logged at the edge.
Graph calls open and settle synchronously in the account usage ledger. If metering is unavailable, the origin is not called. Transcription jobs are metered exactly once after successful completion.
GET /v1/health is public and contains no customer data.