API Authentication & Security Documentation

Learn secure API authentication using API keys, access tokens, authorization methods, and security best practices.

Bearer Token

Include your access token in the Authorization header of every request. Tokens are obtained through the OIDC flow and automatically refreshed by our SDKs.

curl -X GET https://api.voxentis.com/v1/agents \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -H "X-Correlation-ID: req-abc-123"

Required Headers

Every request should include:

  • X-Correlation-ID — for distributed tracing
  • X-Request-ID — for idempotency

Our SDKs generate these automatically.

RBAC Roles

Access is controlled by five built-in roles. Each role grants specific permissions across agents, calls, and system configuration.

RolePermissions
Internal AdminFull system access. Manage tenants, SSO, and global config.
Customer AdminFull access within tenant. Manage teams, users, billing.
Agent ManagerCreate, edit, deploy agents. View call data.
Call ViewerView call logs, recordings, and analytics. Read-only.
DeveloperManage API keys, tools, integrations. View agents.

Multi-Tenancy

Voxentis is fully multi-tenant. Data isolation is enforced at the database level via row-level security (RLS). Your tenant is resolved from the JWT token automatically — no tenant ID needed in API requests.

Security Standards

  • All connections use TLS 1.3
  • Credentials are encrypted with AES-256
  • Audit logs track every API call
  • GDPR, HIPAA, and SOC2 compliance paths are supported