GitHubContribute in GitHub: Edit online

copyright: years: 2018, 2023 lastupdated: "2023-01-07"

Authentication and connected services

You have several options for authenticating your connected services with Voice Gateway. Configure your services with basic authentication, by using a user name and password combination, or by using API key authentication.

Basic Authentication

Basic authentication, with a user name and password, is the default for Voice Gateway. You can define the user name and password in your deployment configuration files, or you can use token authentication.

By enabling token authentication for user name and password authentication, a token is retrieved the first time a lookup occurs with a specific set of service credentials. After the first lookup, the token is cached using a key that includes the user name and password combination. Any subsequent requests to that service using the same set of credentials will use the token to authenticate instead of the username and password.

* **[Enabling user name and password based token authentication for Watson services](https://www.ibm.com/docs/en/voice-gateway?topic=acs-enabling-user-name-password-based-token-authentication-watson-services):** To reduce the response time for Watson services, you can enable token authentication to cache user name and password combinations as tokens, which reduces delays in conversation for the customer by reducing the frequency of LDAP lookups. See [Enabling token authentication for Watson services](https://www.ibm.com/docs/en/voice-gateway?topic=acs-enabling-user-name-password-based-token-authentication-watson-services).

* **[Enabling HEC token authentication for REST servers](https://www.ibm.com/docs/en/voice-gateway?topic=gateway-reporting-events):** For publishing reporting events to a REST server, such as Splunk, you can also use basic authentication or HEC token authentication. See [Authenticating with a REST server](https://www.ibm.com/docs/en/voice-gateway?topic=gateway-reporting-events#REST)

API key authentication

Voice Gateway can connect to speech and data storage services, such as IBM Cloudant, by using API key authentication. When using API key authentication, Voice Gateway generates tokens to be used throughout multiple requests to improve latency and response time of the system. See [Working with API keys]https://cloud.ibm.com/docs/iam?topic=iam-manapikey#manapikey) for more information about using API keys with IBM Cloud services.

Tip: You can also use API key authentication when connecting to an IBM Cloudant service to publish reporting events. See Reporting events.

Configuring API key authentication with environment variables

In your docker deploy.yaml file, configure the following environment variables with your API key information and token service provider URL. See Configuration environment variables for Voice Gateway to learn more about available environment variables.

  • Watson Assistant:
    WATSON_CONVERSATION_APIKEY=YOUR_API_KEY
  • Speech to Text:
    WATSON_STT_APIKEY=YOUR_API_KEY
  • Text to Speech:
    WATSON_TTS_APIKEY=YOUR_API_KEY

Using JSON configuration

The following code example shows a JSON file that contains the API key configurations for Watson Assistant, Speech to Text, and Text to Speech. See Advanced JSON configuration properties to learn more about different configuration options.

{

	"conversation": {
		"apikey": "YOUR_API_KEY"
	},
	"stt": {
		"credentials": {
			"apikey": "YOUR_API_KEY"
		}
	},
	"tts": {
		"credentials": {
			"apikey": "YOUR_API_KEY"
		}
	}
}