> For clean Markdown of any page, append `.md` to the page URL. > For a complete documentation index, see https://docs.sarvam.ai/llms.txt. > For full documentation content in one file, see https://docs.sarvam.ai/llms-full.txt. > For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.sarvam.ai/_mcp/server. # Authentication > Learn how to authenticate your Sarvam AI API requests using API subscription keys. Complete guide with examples and best practices for secure API key management. All API endpoints are authenticated using API Subscription Keys provided by Sarvam AI when you sign up. Include these keys in the header of each API request as follows: ``` api-subscription-key: YOUR_SARVAM_API_KEY ``` ### Obtaining Your API Subscription Key 1. **Sign Up**: Create an account on the [Sarvam Dashboard](https://dashboard.sarvam.ai) 2. **Generate Key**: After signing up, you must manually generate your API key from the dashboard. Navigate to the API Keys section and create a new key for your account. 3. **Organisation Key Management**: Creating Organisational level keys is not currently supported and will be available soon. #### Best Practices for API Key Management 1. **Keep Your Key Secret**: Never expose your API key in public repositories or client-side code. 2. **Use Environment Variables**: Store your API key in environment variables rather than hardcoding it in your application. 3. **Monitor Usage**: Regularly check your API usage on the Sarvam dashboard. You should be able to see the credits utilised & remaining ### Using the API Subscription Key To authenticate your requests, include the `API-Subscription-Key` in the headers of your HTTP requests. Here's an example using SarvamAI SDK: ```python from sarvamai import SarvamAI client = SarvamAI( api_subscription_key="YOUR_SARVAM_API_KEY", ) response = client.text.translate( input="Hi, My Name is Vinayak.", source_language_code="auto", target_language_code="hi-IN", speaker_gender="Male" ) print(response) ``` ```javascript import { SarvamAIClient } from "sarvamai"; const client = new SarvamAIClient({ apiSubscriptionKey: "YOUR_SARVAM_API_KEY" }); const response = await client.text.translate({ input: "input", source_language_code: "auto", target_language_code: "en-IN", }); console.log(response); ``` ```bash curl -X POST https://api.sarvam.ai/translate \ -H "api-subscription-key: YOUR_SARVAM_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "input": "input", "source_language_code": "auto", "target_language_code": "gu-IN" }' ``` ### Status Codes for Authentication Failures **Auth failures return HTTP `403`, not `401`.** Sarvam returns `403 Forbidden` for both invalid/missing API keys and forbidden-but-authenticated requests. If you're catching exceptions or branching by status code, handle `403` as covering both "forbidden" and "invalid/missing API key". The response body's `error.code` distinguishes the two: * `invalid_api_key_error` — the key is missing, malformed, or unknown * other `*_error` codes — authenticated but not allowed for the requested resource ```json HTTP/1.1 403 Forbidden Content-Type: application/json { "error": { "code": "invalid_api_key_error", "message": "Invalid API key" } } ```