Skip to main content

Authentication

All SFVoPI API requests require authentication using an API Key. This page explains how to obtain and use your API key securely.

Authentication Method

SFVoPI uses API Key authentication via the X-API-Key HTTP header. Every request to the API must include this header with your unique API key.

Header Format

X-API-Key: your_api_key_here

How to Get Your API Key

Currently, API keys are provisioned manually by the Superfone team.

To request an API key:

  1. Contact the Superfone team at hello@superfone.in
  2. Provide your organization details and use case
  3. You'll receive your API key via secure channel
info

Self-service API key generation is not yet available. We're working on adding this feature to the dashboard soon.

Using Your API Key

Include the X-API-Key header in every API request. Here are examples in multiple languages:

curl -X POST https://prod-api.superfone.co.in/superfone/sfvopi/apps \
  -H "X-API-Key: your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"name":"My Voice App","answer_url":"https://example.com/answer","answer_method":"POST"}'

Security Best Practices

Never Expose API Keys in Client-Side Code

API keys grant full access to your SFVoPI account. Never include them in:

  • Frontend JavaScript code (React, Vue, Angular, etc.)
  • Mobile app source code
  • Public repositories (GitHub, GitLab, etc.)
  • Client-side configuration files

Always make API calls from your backend server where keys can be kept secure.

Store Keys in Environment Variables

Never hardcode API keys in your source code. Use environment variables instead:

// .env file
SFVOPI_API_KEY=your_api_key_here

// app.js
require('dotenv').config();
const apiKey = process.env.SFVOPI_API_KEY;

const response = await fetch('https://prod-api.superfone.co.in/superfone/sfvopi/apps', {
  headers: {
    'X-API-Key': apiKey,
    'Content-Type': 'application/json'
  }
});

Rotate Keys Periodically

If you suspect your API key has been compromised:

  1. Immediately contact the Superfone team at hello@superfone.in
  2. Request a new API key
  3. Update your application with the new key
  4. The old key will be revoked
warning

Treat API keys like passwords. If a key is exposed publicly (e.g., committed to GitHub), assume it's compromised and request a new one immediately.

Authentication Errors

If authentication fails, you'll receive a 401 Unauthorized response:

{
  "message": "UnAuthorized, Please Provide Valid API Key"
}

Common causes:

  • Missing X-API-Key header
  • Invalid or expired API key
  • Typo in the API key value

Solution: Verify your API key is correct and included in the request header.

Next Steps

Now that you know how to authenticate: