API Authentication & Security Documentation
Learn secure API authentication using API keys, access tokens, authorization methods, and security best practices.
Bearer Token
Include your access token in the Authorization header of every request. Tokens are obtained through the OIDC flow and automatically refreshed by our SDKs.
curl -X GET https://api.voxentis.com/v1/agents \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-H "X-Correlation-ID: req-abc-123"
Required Headers
Every request should include:
X-Correlation-ID— for distributed tracingX-Request-ID— for idempotency
Our SDKs generate these automatically.
RBAC Roles
Access is controlled by five built-in roles. Each role grants specific permissions across agents, calls, and system configuration.
| Role | Permissions |
|---|---|
| Internal Admin | Full system access. Manage tenants, SSO, and global config. |
| Customer Admin | Full access within tenant. Manage teams, users, billing. |
| Agent Manager | Create, edit, deploy agents. View call data. |
| Call Viewer | View call logs, recordings, and analytics. Read-only. |
| Developer | Manage API keys, tools, integrations. View agents. |
Multi-Tenancy
Voxentis is fully multi-tenant. Data isolation is enforced at the database level via row-level security (RLS). Your tenant is resolved from the JWT token automatically — no tenant ID needed in API requests.
Security Standards
- All connections use TLS 1.3
- Credentials are encrypted with AES-256
- Audit logs track every API call
- GDPR, HIPAA, and SOC2 compliance paths are supported