API Reference

Authentication

View as Markdown

All API endpoints are authenticated using API Subscription Keys provided by Sarvam AI when you sign up. Include these keys in the header of each API request as follows:

api-subscription-key: YOUR_SARVAM_API_KEY

Bearer token (alternative)

The API also accepts the same key as a standard Authorization: Bearer header on all endpoints:

Authorization: Bearer YOUR_SARVAM_API_KEY

This is useful with OpenAI-compatible tooling pointed at the Chat Completions endpoint (/v1/chat/completions), which conventionally sends Bearer auth. All examples in these docs and the official SDKs use the api-subscription-key header — prefer it unless your tooling requires Bearer.

Obtaining Your API Subscription Key

  1. Sign Up: Create an account on the Sarvam Dashboard
  2. Generate Key: After signing up, you must manually generate your API key from the dashboard. Navigate to the API Keys section and create a new key for your account.
  3. Organisation Key Management: Creating Organisational level keys is not currently supported and will be available soon.

Best Practices for API Key Management

  1. Keep Your Key Secret: Never expose your API key in public repositories or client-side code.
  2. Use Environment Variables: Store your API key in environment variables rather than hardcoding it in your application.
  3. Monitor Usage: Regularly check your API usage on the Sarvam dashboard. You should be able to see the credits utilised & remaining

Using the API Subscription Key

To authenticate your requests, include the API-Subscription-Key in the headers of your HTTP requests. Here’s an example using SarvamAI SDK:

1from sarvamai import SarvamAI
2
3client = SarvamAI(
4    api_subscription_key="YOUR_SARVAM_API_KEY",
5)
6
7response = client.text.translate(
8    input="Hi, My Name is Vinayak.",
9    source_language_code="auto",
10    target_language_code="hi-IN",
11    speaker_gender="Male"
12)
13
14print(response)

Status Codes for Authentication Failures

Auth failures return HTTP 403, not 401. Sarvam returns 403 Forbidden for both invalid/missing API keys and forbidden-but-authenticated requests. If you’re catching exceptions or branching by status code, handle 403 as covering both “forbidden” and “invalid/missing API key”.

The response body’s error.code distinguishes the two:

  • invalid_api_key_error — the key is missing, malformed, or unknown
  • other *_error codes — authenticated but not allowed for the requested resource
1HTTP/1.1 403 Forbidden
2Content-Type: application/json
3
4{
5  "error": {
6    "code": "invalid_api_key_error",
7    "message": "Invalid API key"
8  }
9}