API authentication and webhook setup
API authentication
VoiceCraft uses two authentication methods depending on the endpoint:
Session-based (dashboard routes)
Routes accessed through the dashboard use your login session (NextAuth JWT). No additional setup needed.
API key (webhook and agent routes)
Webhook endpoints and agent-to-web calls use an API key passed in the x-api-key header.
Your API key is available in Settings. Keep it secret. Do not expose it in client-side code.
x-api-key: your-api-key-hereWebhook endpoints
VoiceCraft exposes several webhook endpoints for integration with external systems:
Endpoint | Purpose |
|---|---|
| Inbound call routing (returns TwiML for LiveKit) |
| Check appointment slot availability |
| Book an appointment |
| Send an SMS message |
These are used by the voice agent worker and can also be called from external systems with proper API key authentication.
Setting up webhooks
Go to Settings from the user menu.
Find your API key in the API Keys section.
Use this key in the
x-api-keyheader when calling any webhook endpoint.All webhook requests must be POST with a JSON body.
Security
Rotate your API key if it is ever exposed.
Webhook endpoints validate the API key on every request.
All API communication happens over HTTPS.
Este artigo foi útil?
Artigos relacionados
Precisa de mais ajuda?
Não encontrou o que procurava?