All requests authenticate with a platform API key sent as a bearer token: 
Authorization: Bearer tic_live_xxx

Environments

PrefixEnvironmentNotes
tic_test_…SandboxFree tier (30 realtime minutes). Safe for development.
tic_live_…ProductionBills real credits.
Create and manage keys in the dashboard settings. Each key is scoped and can carry a spend limit.
Never embed a tic_live_ key in browser or mobile code. For client apps, proxy requests through your backend and use RealtimeAvatarClient.webProxy() so the upstream key stays server-side.

Choosing a client mode (TypeScript)

import { RealtimeAvatarClient } from "realtime-avatar";

const client = RealtimeAvatarClient.platform({
  apiKey: process.env.REALTIME_AVATAR_API_KEY!,
});

Errors

StatusMeaning
401Missing or invalid API key.
402Insufficient credits or key spend limit reached — not retryable. Check GET /api/v1/credits/balance.
409Idempotency-Key reused (by design).
422Invalid request body.
429Rate limited — retry after a short backoff.
Server-side key hashing/verification (with a secret pepper) lives in the realtime-avatar/server entry point and must never be imported into client code.