Authentication
How to authenticate with the Voxxi API
All API requests to Voxxi require authentication. Authentication is scoped at the organization level, ensuring that your API access is properly isolated and secured within your organization's context.
Overview
Voxxi uses Bearer Token Authentication to secure API endpoints. Each request must include a valid API key in the authorization header to access protected resources.
Obtaining Your API Key
To get your API key:
- Navigate to the Voxxi application
- In the side navigation, go to Settings → API Keys
- Click Create API Key or use an existing key
- Copy the generated API key securely
Security Note
Treat your API key like a password. Never expose it in client-side code, public repositories, or share it publicly.
Authentication Header
Include your API key in the Authorization header of every request using the Bearer token format:
Authorization: Bearer YOUR_API_KEY_HEREExample Request
curl -X GET "https://api.voxxi.ai/v1/endpoint" \
-H "Authorization: Bearer vx_1234567890abcdef" \
-H "Content-Type: application/json"// JavaScript/Node.js example
const response = await fetch('https://api.voxxi.ai/v1/endpoint', {
headers: {
'Authorization': 'Bearer vx_1234567890abcdef',
'Content-Type': 'application/json'
}
});# Python example
import requests
headers = {
'Authorization': 'Bearer vx_1234567890abcdef',
'Content-Type': 'application/json'
}
response = requests.get('https://api.voxxi.ai/v1/endpoint', headers=headers)Authentication Errors
When authentication fails, the API will return one of the following HTTP status codes:
| Status Code | Error | Description |
|---|---|---|
401 | Unauthorized | Missing, invalid, or expired API key |
429 | Too Many Requests | Rate limit exceeded for your API key |
Error Response Format
{
"error": {
"code": "authentication_failed",
"message": "Invalid or missing API key",
"type": "authentication_error"
}
}Organization Scope
Your API key provides access to resources within your organization only. This ensures:
- Data isolation: You can only access data belonging to your organization
- Resource separation: API quotas and limits are applied per organization
- Audit trails: All API activity is logged and attributed to your organization
Rate Limits
API keys are subject to rate limiting based on your subscription plan. Monitor the following response headers:
X-RateLimit-Limit: Maximum requests allowed per time windowX-RateLimit-Remaining: Requests remaining in current windowX-RateLimit-Reset: Time when the rate limit window resets