Authentication Flow Is Confusing for Realtime

[jaderf-sm]

Authentication Flow Is Confusing for Realtime

Source: docs.speechmatics.com/get-started/authentication

The authentication docs explain three approaches:

1. Use your API key directly as a bearer token
2. Generate a short-lived JWT via the management platform API
3. Pass a JWT as a query parameter on the WebSocket URL (?jwt=<token>)

Problems:

• For realtime specifically, it's unclear which method is required. Can you connect to the WebSocket with just the raw API key? Or must you first exchange it for a JWT? The SDK appears to handle this transparently (generate_temp_token=True), but a developer building a raw WebSocket client doesn't know what to do.
• The JWT generation endpoint (https://mp.speechmatics.com/v1/api_keys?type=rt) is documented in the authentication page, but the quickstart never mentions it. A developer following the quickstart who doesn't also read the auth page will assume the API key works directly — which may or may not be true.
• The generate_temp_token parameter in ConnectionSettings implies the SDK can auto-generate JWTs, but this isn't explained anywhere in the quickstart.

Recommendation: The quickstart should explicitly state: "For realtime, you need a JWT. Here's how to get one. (Or, use the SDK which handles this for you.)" Include a curl example for JWT generation right in the quickstart flow.