An Azure service that integrates speech processing into apps and services.
Hello @Lancy Wu ,
Welcome to Microsoft Q&A .Thank you for reaching out to us.
Thank you for providing the detailed context. Based on the behavior observed - HTTP 401 Unauthorized returned from both the authorization token endpoint and the voices list endpoint .The issue is most likely related to an endpoint, resource, region or Azure cloud environment mismatch rather than an issue with the Speech key itself.
A Speech resource key is associated with a specific Azure resource and must be used with the corresponding endpoint for that resource. The Azure cloud environment, resource location, endpoint and resource type must all align.
Regarding if japanwest the correct region identifier for Japan West - Yes, japanwest is the correct region identifier for a Speech resource created in Japan West within Azure Public Cloud.
For a standalone Speech resource deployed in Azure Public Cloud Region: Japan West , the endpoint formats are:
- Authorization token endpoint -
POST https://japanwest.api.cognitive.microsoft.com/sts/v1.0/issueToken - Voices list endpoint -
GET https://japanwest.tts.speech.microsoft.com/cognitiveservices/voices/listThese endpoints are valid when the Speech resource itself exists in the corresponding Azure Public Cloud region.
Regarding the token endpoint use japanwest.api.cognitive.microsoft.com - For a standalone Speech resource created in Azure Public Cloud Japan West, the following endpoint format is correct - https://japanwest.api.cognitive.microsoft.com/sts/v1.0/issueToken
However, the correct endpoint depends on:
- Azure cloud environment
- Resource type
- Resource location
The location where an application is running is separate from the location where the Azure resource was created.
For example:
- An application running from China can still use a Speech resource hosted in Azure Public Cloud Japan West.
- A Speech resource created in Azure China must use Azure China endpoints.
If the Speech resource itself was created in Azure China (operated by 21Vianet), the endpoints are different.
Azure China uses: .azure.cn
instead of: .microsoft.com
Example Azure China endpoint formats
Authorization token endpoint - https://<region>.api.cognitive.azure.cn/sts/v1.0/issueToken
Text-to-Speech endpoint - https://<region>.tts.speech.azure.cn/cognitiveservices/v1
A key created for an Azure China resource cannot authenticate against Public Azure endpoints such as:
*.api.cognitive.microsoft.com
*.tts.speech.microsoft.com
This results in 401 Unauthorized Invalid subscription key or wrong API endpoint
Regarding standalone Speech Service vs Azure AI Services multi-service resource make a difference - Yes, the resource type affects the endpoint selection.
Standalone Speech resource - Resource type: - SpeechServices - Typically uses Speech regional endpoints, for example - https://<region>.api.cognitive.microsoft.com
Azure AI Services multi-service resource - Resource type - CognitiveServices - Uses the resource-specific endpoint shown under - Azure Portal > Resource >Keys and Endpoint
Example: https://<resource-name>.cognitiveservices.azure.com
Both resource types use - Ocp-Apim-Subscription-Key: <resource key>
The important requirement is that the key and endpoint must belong to the same resource and Azure cloud environment.
Resource type differences alone do not normally cause 401 errors; incorrect pairing between resource, key, and endpoint does.
A valid key can still return 401 when there is a mismatch between the key and endpoint.
Common causes include:
- The key belongs to a different Speech/Azure AI Services resource.
- The endpoint region does not match the resource location.
- An Azure China resource key is being used with Azure Public Cloud endpoints.
- The resource type and endpoint format do not match.
- The key was regenerated and an older key value is still configured.
- The endpoint was manually constructed instead of using the endpoint displayed in Azure Portal.
Additionally, authorization tokens are scoped to the endpoint that issued them. A token obtained from one endpoint should be used only with the corresponding service endpoint.
Please check if the following troubleshooting steps help-
- Please open Azure Portal > Speech/Azure AI Services Resource > Keys and Endpoint Resource type:
- SpeechServices
- CognitiveServices
- Japan West
- Azure China region
- Azure Public Cloud
- Azure China
- Copy directly from the portal:
- Endpoint
- Key
Ocp-Apim-Subscription-Key: <resource key>Content-Type: application/x-www-form-urlencoded - Test both:
- Token endpoint
- Voices list endpoint
To summarise:
- japanwest is correct for a Speech resource created in Azure Public Cloud Japan West.
- The token endpoint format is correct for that environment.
- Standalone Speech and Azure AI multi-service resources use the same authentication model, but the endpoint must match the resource configuration.
- The most probable cause could be - Azure China resource + Azure Public Cloud Japan West endpoint = 401 Unauthorized
The following references might be helpful , please check them out
- Supported regions for Azure Speech - Foundry Tools | Microsoft Learn
- Sovereign Clouds - Speech service - Foundry Tools | Microsoft Learn
- Authentication in Foundry Tools - Foundry Tools | Microsoft Learn
- Text to speech API reference (REST) - Speech service - Foundry Tools | Microsoft Learn
- Troubleshoot the Speech SDK - Speech service - Foundry Tools | Microsoft Learn
Thank you
Please "Accept" the answer with an "Upvote" if the response was helpful. This will be benefitting other community members who face the same issue.