search
Go to website

keyAuthentication

KrosAI uses API keys to authenticate requests. You can create and manage API keys in the Dashboardarrow-up-right.

hashtag
API Key Authentication

Include your API key in the x-api-key header of every request:

const response = await fetch('https://api.krosai.com/v1/phone-numbers', {
  headers: {
    'x-api-key': 'kros_live_your_api_key_here',
  },
});

hashtag
API Key Format

KrosAI API keys follow this format:

kros_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

     └── Environment: "live" for production
circle-info

All API keys are prefixed with kros_ for easy identification.

hashtag
Creating API Keys Via Dashboard

1

hashtag
Create API key

Go to DevelopersAPI Keys

2

hashtag
Click Create

Click Create API Key

3

hashtag
Name the key

Enter a descriptive name

4

hashtag
Select scopes

Select the required scopes

5

hashtag
Optional: IP restrictions

(Optional) Add IP restrictions

6

hashtag
Optional: expiration

(Optional) Set expiration date

7

hashtag
Finish

Click Create

Important: Copy your API key immediately after creation. For security, we only show the full key once.

hashtag
API Key Properties

Property
Description

Name

Descriptive name for identification

Scopes

Permissions granted to the key

Allowed IPs

Optional IP allowlist for extra security

Expires At

Optional expiration date

Created At

When the key was created

Last Used

Last time the key was used

hashtag
Scopes

Scopes control what actions an API key can perform. Use the principle of least privilege—only grant scopes that are needed.

hashtag
Available Scopes

Scope
Description

numbers:read

View phone numbers

numbers:write

Purchase, configure, and release phone numbers

endpoints:read

View endpoints

endpoints:write

Create, update, and delete endpoints

calls:read

View call logs and recordings

calls:write

Initiate outbound calls, hangup calls

webhooks:read

View webhooks

webhooks:write

Create, update, and delete webhooks

billing:read

View balance and transactions

billing:write

Add credits, manage subscriptions

api-keys:read

View API keys

api-keys:write

Create, update, and revoke API keys

voice:connect

Use the Voice SDK to connect calls

hashtag
Scope Examples

Read-only access for analytics:

Full access for server-side integrations:

Voice SDK access only:

hashtag
IP Restrictions

For additional security, you can restrict API key usage to specific IP addresses:

Requests from non-allowed IPs will receive a 403 Forbidden response.

hashtag
Key Rotation

We recommend rotating API keys regularly. To rotate a key:

1

hashtag
Create new key

Create a new API key with the same scopes

2

hashtag
Update application

Update your application to use the new key

3

hashtag
Verify

Verify the new key works correctly

4

hashtag
Revoke old key

Revoke the old key

hashtag
Bearer Token Authentication

For browser-based applications using the KrosAI Dashboard, we also support Bearer token authentication using JWTs:

circle-info

Bearer tokens are typically used for dashboard access. For server-side integrations, use API keys.

hashtag
Error Responses

chevron-rightInvalid API Keyhashtag

Status: 401 Unauthorized

chevron-rightMissing API Keyhashtag

Status: 401 Unauthorized

chevron-rightInsufficient Scopehashtag

Status: 403 Forbidden

chevron-rightIP Not Allowedhashtag

Status: 403 Forbidden

chevron-rightKey Expiredhashtag

Status: 401 Unauthorized

PreviousQuickstartNextBuy Numbers

Last updated