Skip to main content

Overview

Outspeed provides flexible authentication options to balance ease of development with production security needs.

Authentication Modes

Development Mode (No Auth)

Perfect for prototyping and development - no backend required.
  1. Create agent in the Outspeed Dashboard
  2. Disable authentication in agent settings
  3. Use directly from your client app

Production Mode (Auth Enabled)

Recommended for production apps - requires backend for security.
  1. Enable authentication in agent settings
  2. Set up backend to generate ephemeral keys
  3. Pass ephemeral key when starting sessions

Dashboard Configuration

Creating an Agent

  1. Go to Outspeed Dashboard
  2. Click Create Agent
  3. Configure your agent:
    • Name: Give your agent a name
    • Voice: Choose from available voices
  4. Once created, you can configure other settings like system instructions, first message, etc. in the dashboard.

Authentication Settings

In your agent settings, you can:
  • Toggle Authentication: Enable/disable auth requirements
  • Set Allowed Hostnames: Restrict which domains can use your agent
  • View Agent ID: Copy the ID to use in your code

Hostname Security

Add allowed hostnames to restrict where your agent can be used:
  • example.com - Allow only this exact domain
  • app.domain.com - Allow specific subdomain
We do not support wildcard domains yet.
Sessions will only start if the request origin matches your allowlist. Leave empty to allow any origin.

Backend Implementation

Simple Agent-Based Auth

For agents created in the dashboard, you only need the agent ID:

Frontend Integration

Legacy: Programmatic Configuration

The new dashboard approach is recommended, but you can still configure agents programmatically for advanced use cases.

Backend with Session Config

Frontend with Session Config

Environment Setup

Required Environment Variables

Security Best Practices

Never expose your API key in client-side code. Always generate ephemeral tokens on your backend server.
  • API Keys: Keep server-side only, never in frontend code
  • Ephemeral Keys: Short-lived tokens for client authentication
  • Hostname Allowlist: Restrict origins that can use your agent
  • HTTPS: Always use HTTPS in production
  • Rate Limiting: Implement rate limiting on your token endpoint

When to Use Each Mode

Development Mode (No Auth)

  • Prototyping and development
  • Internal tools with trusted users
  • Quick demos and experiments
  • Production apps with external users

Production Mode (Auth Enabled)

  • Production applications
  • Public-facing voice agents
  • Hostname restrictions for security

Summary

  1. Start simple: Use dashboard agents with auth disabled for development
  2. Add security: Enable auth and set up backend for production
  3. Restrict access: Use hostname allowlist for additional security
Both approaches give you full control - choose based on your security and deployment needs.