#Unable to Use Browser Token Endpoint for Live WebSocket Streaming – Request for Project Tokens or To

Thanks for asking your question. Please be sure to reply with as much detail as possible so the community can assist you efficiently.
-# If you haven't done so, ensure your Discord and Github profiles are linked to Deepgram so you can earn points to redeem on cool stuff just by being active!

It looks like we're missing some important information to help debug your issue. Would you mind providing us with the following details in a reply?

• The programming language you are working in (e.g. JavaScript, Python).

Javascript

Hey BawzingIt, out of curiosity have you tried the new temporary token endpoint?

https://developers.deepgram.com/reference/token-based-auth-api/grant-token

@silent kayak you'll only be able to connect to websockets from the browser, and rest endpoints will require you to configure a proxy.

So while you can use either our API keys or the tokens Naomi links above, you'll hit CORS issues making requests to REST endpoints. This is for security purposes.

If you're using the SDK to connect, the headers will be taken care of for you, but if you're choosing to connect directly, you'll need to keep in-mind that a request to a websocket cannot contain custom headers like the Authorization header in a browser/edge/mobile environment. For that, you'll need to provide a known header named Sec-WebSocket-Protocol: token,DEEPGRAM_API_KEY or Sec-WebSocket-Protocol: bearer,DEEPGRAM_TOKEN

@steep crescent I have tried the new /v1/token endpoint as described in the latest documentation (https://developers.deepgram.com/reference/token-based-auth-api/grant-token), but I always receive a 404 Not Found error, both from my backend and in Postman, even with a fresh API key.

Could you please enable access to this endpoint for my account/project so I can use secure browser-based authentication with Deepgram live transcription?

The endpoint is /v1/auth/grant.

@shut furnace If I POST with that address I get: {
"err_code": "FORBIDDEN",
"err_msg": "Insufficient permissions."
}

With a fresh API key BTW.

That means your API key doesn't have permissions to create more keys. That's typical, if you created your key with the default permissions. You'll need to create one with at least the Member permissions, I believe:

Oh really, I didn't know that. Gonna try ty

tyvm, I now get a token back on POST.

@shut furnace I am able to successfully open a WebSocket, send audio chunks, and receive a valid token with the 'listen:stream' scope. However, I do not receive any interim or final transcription events, nor any errors, from the Deepgram server. Could my account be missing permissions or is there a restriction for live streaming in Dutch?

If you've got a request ID, I can dig in to it tomorrow - I'm technically out today.

Thank you for the help, I got it working now. I lowered the sample rate from 48000 to 16000 and changed general to nova2.

Unless I'm missing something, it seems like the SDK always uses Sec-WebSocket-Protocol: token,DEEPGRAM_API_KEY:

https://github.com/deepgram/deepgram-js-sdk/blob/main/src/packages/AbstractLiveClient.ts#L143

Is there a way to tell it to use bearer,key instead?

I’m OOO this week but you’ve hit the nail on the head. I can’t remember which way around the headers are written, either. My thinking is that we need to parse for a JWT and apply a the bearer scheme instead of token