Overview
Outspeed provides flexible authentication options to balance ease of development with production security needs.Authentication Modes
Development Mode (No Auth)
Perfect for prototyping and development - no backend required.- Create agent in the Outspeed Dashboard
- Disable authentication in agent settings
- Use directly from your client app
Production Mode (Auth Enabled)
Recommended for production apps - requires backend for security.- Enable authentication in agent settings
- Set up backend to generate ephemeral keys
- Pass ephemeral key when starting sessions
Dashboard Configuration
Creating an Agent
- Go to Outspeed Dashboard
- Click Create Agent
- Configure your agent:
- Name: Give your agent a name
- Voice: Choose from available voices
- Once created, you can configure other settings like system instructions, first message, etc. in the dashboard.
Authentication Settings
In your agent settings, you can:- Toggle Authentication: Enable/disable auth requirements
- Set Allowed Hostnames: Restrict which domains can use your agent
- View Agent ID: Copy the ID to use in your code
Hostname Security
Add allowed hostnames to restrict where your agent can be used:example.com- Allow only this exact domainapp.domain.com- Allow specific subdomain
We do not support wildcard domains yet.
Backend Implementation
Simple Agent-Based Auth
For agents created in the dashboard, you only need the agent ID:Frontend Integration
Legacy: Programmatic Configuration
The new dashboard approach is recommended, but you can still configure agents programmatically for advanced use cases.
Backend with Session Config
Frontend with Session Config
Environment Setup
Required Environment Variables
Security Best Practices
- API Keys: Keep server-side only, never in frontend code
- Ephemeral Keys: Short-lived tokens for client authentication
- Hostname Allowlist: Restrict origins that can use your agent
- HTTPS: Always use HTTPS in production
- Rate Limiting: Implement rate limiting on your token endpoint
When to Use Each Mode
Development Mode (No Auth)
- ✅ Prototyping and development
- ✅ Internal tools with trusted users
- ✅ Quick demos and experiments
- ❌ Production apps with external users
Production Mode (Auth Enabled)
- ✅ Production applications
- ✅ Public-facing voice agents
- ✅ Hostname restrictions for security
Summary
- Start simple: Use dashboard agents with auth disabled for development
- Add security: Enable auth and set up backend for production
- Restrict access: Use hostname allowlist for additional security