authentication

All API requests require authentication using a Bearer token in the Authorization header.

Getting Your API Key

Navigate to Settings > API Keys

Copy your API key

Making Authenticated Requests

Include your API key in the Authorization header with every request:

Request Headers

Header	Value	Required
`Authorization`	`Bearer YOUR_API_KEY`	Yes
`Content-Type`	`application/json`	For POST/PATCH requests

Example: Get Account Information

Response:

{
  "id": "user-uuid-here",
  "email": "you@example.com",
  "company_name": "Your Company",
  "minutes_balance": 500,
  "monthly_usage_minutes": 120,
  "active_numbers": 3,
  "active_agents": 2,
  "active_calls": 0
}

See Get Account Information for full details.

Rate Limits

The API enforces the following rate limits:

Limit Type	Rate
General API requests	100 requests per minute per API key
Call control commands	10 commands per minute per active call

When you exceed a rate limit, the API returns a 429 Too Many Requests response.

Error Responses

401 Unauthorized

Returned when the API key is missing, invalid, or expired.

{
  "error": "Unauthorized",
  "message": "Invalid or missing API key"
}

403 Forbidden

Returned when your API key doesn't have permission for the requested resource.

{
  "error": "Forbidden",
  "message": "You don't have access to this resource"
}

Security Best Practices

Never expose your API key in client-side code - Always make API calls from your server

Rotate keys periodically - Generate new keys and revoke old ones regularly

Use environment variables - Store keys in environment variables, not in code

Monitor usage - Check your account dashboard for unexpected API activity

Getting Your API Key#

Making Authenticated Requests#

Request Headers#

Example: Get Account Information#

Rate Limits#

Error Responses#

401 Unauthorized#

403 Forbidden#

Security Best Practices#