API keys
Path: /settings → API Keys tab
API keys let external systems talk to TelAPI — primarily for initiating and querying WebRTC call sessions. The tab is only visible if a superadmin has enabled API access for your team (Admin Settings → Teams → API Access Configuration).
Prerequisites
A superadmin must:
- Enable API access for the team.
- Configure allowed scopes the team can assign to keys.
- Set max API keys (per team).
- Optionally set max requests / day (rate limit).
Usage stats
The tab header shows:
| Stat | Description |
|---|---|
| API Keys | Current count vs. maximum (e.g. 1 / 2). |
| Requests Today | Requests made today vs. daily limit, if configured. |
| Available Scopes | Scopes assignable to new keys. |
Available scopes
| Scope | Description |
|---|---|
CREATE_CALL_TOKEN | Create call tokens for initiating WebRTC sessions. |
READ_CALL_TOKEN | Read / query existing call tokens. |
READ_TEAM_APPS | List the team's apps and their metadata — useful when your backend selects the endpoint dynamically. |
All three scopes apply to the WebRTC-gated portion of TelAPI. Keys are only useful while the platform's webrtc feature flag is on; the async LLM webhook endpoint (/api/v1/webhooks) uses its own auth and isn't controlled by these scopes. See API authentication.
Columns
| Column | Description |
|---|---|
| Name | Friendly name. |
| Scopes | Assigned scopes (chips). |
| Created | Creation timestamp. |
| Last Used | When the key was last used. |
Key security
- The key value is shown only once at creation. Copy it immediately.
- After creation, the key is masked and cannot be retrieved.
- If lost, delete and re-create.
Workflows
Create a key
- Click Create.
- Enter a friendly Name.
- Select Scopes.
- Click Create. Copy the key shown.
- Store securely in your application's config.
Delete a key
Use the row action; confirm. The key is invalidated immediately.
See also
- TelPhi SDK — primary consumer of API keys.
- Admin settings — where API access is enabled per team.