Overview
The API Keys API allows you to create and manage API keys for programmatic access to the Voice Agent API. API keys provide secure authentication for applications and services.Key Features
- Create private and public API keys
- Configure allowed origins for CORS
- Restrict keys to specific assistants
- Support for transient assistants
- Key rotation and management
Common Use Cases
Create API Key
Use the
POST /api_keys endpoint to generate a new API key. The key value is only returned on creation.List API Keys
Use the
GET /api_keys endpoint to view all your API keys.Get API Key
Use the
GET /api_keys/{id} endpoint to retrieve details for a specific key.Update API Key
Use the
PUT /api_keys/{id} endpoint to update key settings like allowed origins or assistants.Delete API Key
Use the
DELETE /api_keys/{id} endpoint to revoke an API key.API Key Properties
API keys include the following key properties:- id: Unique key identifier
- key_type: Type of key (
privateorpublic) - name: Descriptive name for the key
- key_value: The actual key (only returned on creation)
- allowed_origins: Array of allowed CORS origins
- allowed_assistants: Array of assistant IDs the key can access
- transient_assistant: Whether the key supports transient assistants
- user_id: Owner user ID
- user_email: Owner email address
Key Types
Private Keys
Private keys provide full access to your account resources. Use with caution and keep secure.Public Keys
Public keys are designed for client-side use and have restricted permissions.Security Best Practices
- Use descriptive names for easy identification
- Set allowed origins to restrict CORS access
- Limit to specific assistants when possible
- Rotate keys regularly by creating new keys and deleting old ones
- Never commit keys to version control