AUTHENTICATION

Secure API Authentication

Authenticate API requests with API keys. Protect your account with scoped permissions, IP whitelisting, and enterprise-grade security.

256-bit

Encryption

13

Permission Scopes

SOC 2

Aligned

Authentication Methods

Two ways to authenticate your API requests

Authorization Header

RECOMMENDED


curl https://api.voxpria.com/api/v1/calls 
  -H "Authorization: Bearer YOUR_API_KEY"

Include your API key in the Authorization header prefixed with Bearer. This is the industry-standard method and works with all HTTP clients.

X-API-Key Header

ALTERNATIVE

curl https://api.voxpria.com/api/v1/calls 
  -H "X-API-Key: YOUR_API_KEY"

Use the custom X-API-Key header if your framework or library doesn’t support Bearer tokens. Both methods provide the same level of security.

Permission Scopes

Limit API key permissions with fine-grained access control

Scope Read Write Description
calls Trigger calls, view history, hangup active calls
campaigns Create campaigns, add contacts, start/pause
agents View and manage AI agents, export/import flows
contacts Full CRUD for CRM leads with bulk import
credits View balance and usage history (read-only)
webhooks Subscribe to events, manage webhook endpoints
analytics Call and campaign statistics (read-only)

🔐 Security Best Practices

Keep your API keys secure with these guidelines

Never Expose Keys

Never commit API keys to Git repositories, include them in client-side code, or share them in public forums. Use environment variables instead.

Rotate Regularly

Rotate API keys every 90 days or immediately if you suspect a key has been compromised. Generate new keys before revoking old ones.

Use IP Whitelisting

Restrict API key usage to specific IP addresses. Configure IP whitelists in your dashboard under API key settings for extra security.

Limit Scopes

Only grant the minimum scopes needed. Don’t give write access if read-only is sufficient. Create separate keys for different apps.

Monitor Usage

Review API key usage logs regularly. Set up alerts for unusual patterns like unexpected spikes in requests or failed authentication attempts.

Server-Side Only

Always make API calls from server-side code. Never embed API keys in mobile apps, browser JavaScript, or any client-side code.

⚡ Rate Limits

VoxPria implements sliding window rate limiting per API key

Plan Requests/Hour Burst Limit
Free Trial 1,000 100/min
Starter 5,000 500/min
Professional 25,000 2,500/min
Enterprise Custom Custom

Rate limit headers included in every API response: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset

Ready to Start Building Securely?

Generate your API keys and start making authenticated requests in minutes

SOC 2 Aligned
256-bit Encryption
5-Min Setup
Full API Access

🎉 $10 free credit • No credit card required • Enterprise security included