Overview When deploying to production, do not expose your API key publicly. Instead:
Exchange your API key for a short-lived session token on the server side
Pass this token to the client
Initialize the Anam SDK with the session token
Anam AI offers two types of session tokens: Stateful and Ephemeral .
API Change Notice : Recent API changes mean we now use a POST request
instead of GET, and you define your persona configuration at this point in
the request body. This allows you to configure your persona on the server
side, preventing sensitive configuration details from being exposed to the
client.
Session Token Types Stateful Session Tokens Stateful tokens reference a persona that you’ve created and configured in the Anam AI Lab, or using the Anam AI API . These are referenced by a unique ID.
Pros Configuration changes are managed in the Lab interface without needing code
changes. Ideal for personas that don’t need to change from session to
session.
Cons Less flexibility for per-user customization.
Ephemeral Session Tokens Ephemeral tokens allow you to define the persona configuration at runtime.
Pros Define your persona configuration at runtime, enabling per-session
customization and fast feedback during development.
Cons Requires managing persona configuration inside your application.
Getting a Session Token Session tokens are valid for 1 hour by default. You should request a new token for each user session rather than caching tokens long-term.
The session token endpoint must be called from your server , not from client-side code. Making this request from the browser would expose your API key.
Stateful Session Token From your server, make a request to get a stateful session token, referencing your persona ID (found in the Anam Lab under your persona’s settings):
Fetching a stateful session token on your server
interface SessionTokenResponse { sessionToken : string ; } async function getStatefulSessionToken ( apiKey : string , personaId : string ): Promise < string > { const response = await fetch ( "https://api.anam.ai/v1/auth/session-token" , { method: "POST" , headers: { "Content-Type" : "application/json" , Authorization: `Bearer ${ apiKey } ` , }, body: JSON . stringify ({ personaConfig: { personaId , }, }), }); if (! response . ok ) { const error = await response . text (); throw new Error ( `Failed to get session token: ${ response . status } ${ error } ` ); } const data : SessionTokenResponse = await response . json (); return data . sessionToken ; }
Ephemeral Session Token From your server, make a request to get an ephemeral session token with your persona configuration:
Fetching an ephemeral session token on your server
interface EphemeralPersonaConfig { name : string ; avatarId : string ; voiceId : string ; llmId : string ; systemPrompt : string ; } interface SessionTokenResponse { sessionToken : string ; } async function getEphemeralSessionToken ( apiKey : string , personaConfig : EphemeralPersonaConfig ): Promise < string > { const response = await fetch ( "https://api.anam.ai/v1/auth/session-token" , { method: "POST" , headers: { "Content-Type" : "application/json" , Authorization: `Bearer ${ apiKey } ` , }, body: JSON . stringify ({ personaConfig , }), }); if (! response . ok ) { const error = await response . text (); throw new Error ( `Failed to get session token: ${ response . status } ${ error } ` ); } const data : SessionTokenResponse = await response . json (); return data . sessionToken ; } // Example usage const sessionToken = await getEphemeralSessionToken ( apiKey , { name: "Cara" , avatarId: "30fa96d0-26c4-4e55-94a0-517025942e18" , voiceId: "6bfbe25a-979d-40f3-a92b-5394170af54b" , llmId: "0934d97d-0c3a-4f33-91b0-5e136a0ef466" , systemPrompt: "[STYLE] Reply in natural speech without formatting. Add pauses using '...' and very occasionally a disfluency. [PERSONALITY] You are Cara, a helpful assistant." , });
Common Error Responses Status Code Meaning Solution 401 Invalid or missing API key Check your API key is correct and included in the Authorization header 403 API key does not have permission Verify your API key has the correct permissions in the Lab 404 Persona not found (stateful tokens) Check the persona ID exists and belongs to your account 429 Rate limited Reduce request frequency or contact support for higher limits
Client Initialization Once you have a session token from your server, use the createClient method to initialize the Anam client:
import { createClient } from "@anam-ai/js-sdk" ; const anamClient = createClient ( sessionToken );
The client exposes the same methods whether initialized with an API key or
session token. See Basic Usage for streaming and interaction examples. Understanding a Session The sequence diagram below shows how a typical session is started.
Next Steps 
