Authentication
API keys, environments, and keeping live keys server-side.
All requests authenticate with a platform API key sent as a bearer token:
```http
Authorization: Bearer tic_live_xxx
```

Environments
| Prefix | Environment | Notes |
|---|---|---|
| tic_test_… | Sandbox | Free tier (30 realtime minutes). Safe for development. |
| tic_live_… | Production | Bills real credits. |
Create and manage keys in the dashboard settings. Each key is scoped and can carry a spend limit.
Never embed a tic_live_ key in browser or mobile code. For client apps, proxy
requests through your backend and use RealtimeAvatarClient.webProxy() so the
upstream key stays server-side.
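
The backend side of that proxy, as an added example that is not taken from the realtime-avatar SDK: it accepts only paths under /api/realtime/ (the prefix the web-proxy client on this page uses), drops any Authorization or Cookie header the client sent, and attaches the key on the server. `UPSTREAM_BASE`, `buildUpstreamRequest` and the header allowlist are assumptions made for illustration.

```typescript
// Added example, not SDK code. UPSTREAM_BASE is a placeholder (assumption):
// substitute the platform base URL from your own configuration.
const UPSTREAM_BASE = "https://platform.example";
const PROXY_PREFIX = "/api/realtime/";
// Only these client headers are forwarded; Authorization and Cookie never are.
const FORWARDED_HEADERS = ["content-type", "accept", "idempotency-key"];
// Substrings that indicate traversal or encoded separators in the path.
const BANNED_IN_PATH = ["..", "\\", "%2e", "%2f", "%5c"];

type HeaderMap = Record<string, string>;
type Upstream = { url: string; headers: HeaderMap };

function buildUpstreamRequest(path: string, clientHeaders: HeaderMap, apiKey: string): Upstream {
  // Fail closed if the server was started without a platform key.
  if (!/^tic_(live|test)_/.test(apiKey)) {
    throw new Error("server is missing a platform API key");
  }
  // The proxy must not become a general-purpose authenticated relay.
  if (path.indexOf(PROXY_PREFIX) !== 0) {
    throw new Error("path not allowed through the proxy");
  }
  const lowered = path.toLowerCase();
  for (const bad of BANNED_IN_PATH) {
    if (lowered.indexOf(bad) !== -1) {
      throw new Error("path not allowed through the proxy");
    }
  }
  // Copy allowlisted headers only, normalised to lower case.
  const headers: HeaderMap = {};
  for (const name of Object.keys(clientHeaders)) {
    const lower = name.toLowerCase();
    if (FORWARDED_HEADERS.indexOf(lower) !== -1) {
      headers[lower] = clientHeaders[name];
    }
  }
  // The key is attached here, on the server, and nowhere else.
  headers["authorization"] = "Bearer " + apiKey;
  return { url: UPSTREAM_BASE + path, headers: headers };
}
```

Call it from your route handler with the key read from the server environment, and put your own user authentication in front of the route so the proxy is not open to anonymous callers.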
Choosing a client mode (TypeScript)
```ts
import { RealtimeAvatarClient } from "realtime-avatar";

// Server-side: the platform key is read from the environment.
const client = RealtimeAvatarClient.platform({
  apiKey: process.env.REALTIME_AVATAR_API_KEY!,
});
```

```ts
import { RealtimeAvatarClient } from "realtime-avatar";

// Client apps: no key here.
// Your backend forwards /api/realtime/* to the platform with the key attached.
const client = RealtimeAvatarClient.webProxy();
```

Errors
| Status | Meaning |
|---|---|
| 401 | Missing or invalid API key. |
| 402 | Insufficient credits or key spend limit reached — not retryable. Check GET /api/v1/credits/balance. |
| 409 | Idempotency-Key reused (by design). |
| 422 | Invalid request body. |
| 429 | Rate limited — retry after a short backoff. |
Server-side key hashing/verification (with a secret pepper) lives in the
realtime-avatar/server entry point and must never be imported into client code.