Authentication & Usage Tracking
Gabber supports two different authentication schemes:
- API Key Authentication
- End-user ("Human") Usage Tokens
Many of Gabber's APIs can be accessed via your end-users directly or be tied to your end users. Gabber calls end-users "humans".
Humans are represented by a freeform identifier, typically a user id or an email, and are definied by you.
API Key Authentication
API Key authentication is the standard method for server-side API use. API keys must be kept secret and should only be used server-side. You can find your API key on the dashboard
To use an API key, include it in the x-api-key header of your requests to the Gabber APIs. An optional x-human-id can added which ties the request to a human. For example, calling the Chat Completions Endpoint with an x-human-id would enforce the token count limits for them.
POST /some-endpoint HTTP/1.1
Host: api.gabber.dev
x-api-key: your_api_key_here
x-human-id: some_user_id_from_your_app
Usage Tokens
Humans can also interact with Gabber APIs directly from your app using usage tokens. Instead of using an API key + a human id, you can create a usage token that represents that pairing of API key + human id to authenticate requests.
This makes it so you don't need to re-implement all of Gabber's endpoints in your backend.
For example, many of Gabber's LLM features are OpenAI-API compatible. It'd be annoying to have to implement another OpenAI-API compatible endpoint on your backend, just to proxy requests and responses to Gabber's endpoint.
With usage tokens, you can directly use an OpenAI SDK in your frontend application where the human acts on behalf of your Gabber API key with limits imposed.
┌───────────────────┐
│ Your backend w/ │ 2.Backend generates token w/ limits
│ secret gabber key │ using POST/usage/token
│ ─┼──────────────────────────────────────────┐
│ │ │
│ │ │
│ ◄┼───────────────────────────────┐ │
│ ▲ │ 4.Your backend optionally │ │
└─┼─────────────────┘ responds to webhooks ┌───┼──────────▼──┐
│ from Gabber │ │ │
│1.Client asks │ │
│ for token │ Gabber backend │
│ │ │
│ │ │
┌─┼─────────────────┐ │ ▲ │
│ │ └─────┼───────────┘
│Your client app │ │
│(Web, iOS, etc.) ─┼─────────────────────────────────┘
│ │ 3.Client uses token to interact
│ │ with Gabber APIs directly
└───────────────────┘
Creating a Usage Token
You can create a usage token using the createUsageToken API.
When creating a usage token, you must specify a list of limits. There are 3 limit types:
token_cntconversational_secondsvoice_synthesis_seconds
For example, if a token is created with 60 conversational_seconds, a human would only be able to use 60 seconds of Gabber usage in realtime conversational sessions before Gabber would shut off the human's service. For more information about how Gabber meters usage, refer to Metering
Usage token APIs are only accessible via API Key authentication. Tokens expire after 24 hours.
Checking and Updating Limits
Gabber automatically tracks and updates limits for tokens as usage occurs. You can check the limits using getUsageLimits.
Sometimes you need to increase limits. For example, if the user purchases credits in your app you can use updateUsageToken to increase the limits.