Log in to see your API keys
| API Key | Label | Last Used | |
|---|---|---|---|
Authenticate every request with a per-tenant API key, sent in either header:
X-API-Key: ck_xxxxxxxxxxxxxxxxxxxxxxxx
Authorization: Bearer ck_xxxxxxxxxxxxxxxxxxxxxxxx
A key resolves to exactly one tenant and can only see and act on that tenant's data. A missing or unknown key returns 401.
Permissions
Each key holds a set of per-feature permissions (<feature>:<op>). A request whose key lacks the required permission returns 403.
| Feature | Operations |
|---|---|
| Calls | calls:read (list / view), calls:control (call actions: hangup, hold, transfer, bridge, transfer-to-queue / agent, join-conference) |
| Queues | queues:read, queues:create, queues:update, queues:delete |
| Conferences | conferences:read, conferences:create, conferences:update, conferences:delete, conferences:control (member ops) |
| Leads | leads:read, leads:create, leads:update, leads:delete |
| Campaigns | campaigns:read, campaigns:create, campaigns:update, campaigns:delete |
| Lists | lists:read, lists:create, lists:update, lists:delete |
| Users | users:read, users:create, users:update, users:delete |
| Extensions | extensions:read, extensions:create, extensions:update, extensions:delete |
Secrets are write-only: user passwords are stored hashed, extension SIP passwords encrypted, and neither (nor voicemail PINs) is ever returned.
Create keys and choose their per-feature permissions in Control Panel → API Keys.