Overview
When deploying to production, it’s important not to expose your API key publicly. Instead, you should:- Exchange your API key for a short-lived session token on the server side
- Pass this token to the client
- Initialize the Anam SDK with the session token
API Change Notice: Recent API changes mean we now use a
POST
request
instead of GET
, and you define your persona configuration at this point in
the request body. This change improves security by allowing you to configure
your persona on the server side, preventing sensitive configuration details
from being exposed to the client.Session Token Types
Stateful Session Tokens
Stateful tokens reference a persona that you’ve created and configured in the Anam AI Lab, or using the Anam AI API. These are referenced by a unique ID.Pros
Configuration changes are managed in the Lab interface without needing code
changes. So this is ideal for personas that don’t need to change from
session to session.
Cons
This approach offers less flexibility for per-user customization.
Ephemeral Session Tokens
Ephemeral tokens allow you to define the persona configuration at runtime.Pros
Define your persona configuration at runtime, enabling per session
customization and fast feedback during development.
Cons
Requires managing persona configuration inside your application.
Getting a Session Token
Stateful Session Token
From your server, make a request to get a stateful session token, referencing your persona ID:Fetching a stateful session token on your server
Ephemeral Session Token
From your server, make a request to get an ephemeral session token, with your persona configuration:Fetching an ephemeral session token on your server
Client Initialization
Once you have a session token from your server, use thecreateClient
method to initialize the Anam client:
HelloWorld.js
The client exposes the same methods whether initialized with an API key or
session token.
Understanding a Session
The sequence diagram below shows how a typical session is started.