Authentication

API Authentication #

VoxPria uses API keys to authenticate requests. Your API keys carry privileges, so keep them secure!

How Authentication Works #

All API requests must include your API key in the Authorization header:

Authorization: Bearer YOUR_API_KEY

Complete example:

curl -X GET "https://app.voxpria.com/api/v1/agents" \
  -H "Authorization: Bearer agl_sk_1234567890abcdef" \
  -H "Content-Type: application/json"

API Key Format #

VoxPria API keys follow this format:

agl_sk_[random_string]

• agl = AgentLabs (VoxPria platform)
• sk = Secret Key
• [random_string] = Unique cryptographic identifier

Security Best Practices #

✅ DO: #

• Store in environment variables or secure vaults
• Use different keys for dev/staging/production
• Limit scopes to minimum required permissions
• Rotate keys every 90 days
• Revoke immediately if compromised
• Monitor usage for suspicious activity

❌ DON’T: #

• Hard-code keys in source code
• Commit keys to Git/version control
• Share keys via email/Slack
• Expose in client-side JavaScript
• Use same key across environments
• Leave unused keys active

Environment Variables Example #

Node.js (.env file) #

VOXPRIA_API_KEY=agl_sk_your_key_here

# In code:
const apiKey = process.env.VOXPRIA_API_KEY;

Python #

import os
api_key = os.getenv('VOXPRIA_API_KEY')

PHP #

$apiKey = getenv('VOXPRIA_API_KEY');

C# #

string apiKey = Environment.GetEnvironmentVariable("VOXPRIA_API_KEY");

Rate Limiting #

Limit Type	Default	Window
API Requests	1,000	Per hour
Calls Triggered	100	Per minute
Contact Imports	10,000	Per batch

When rate limited (429 response), check these headers:

X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1675958400

Testing Authentication #

curl -X GET "https://app.voxpria.com/api/v1/credits" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json"

Expected: 200 OK with credit balance