Voiso API v4 uses a generated scoped API key sent as a Bearer token in the Authorization header. All requests use HTTPS.

❗️
The v4 API no longer uses the contact center or user API keys for authentication. You must now generate a scoped API key using the API key page in the Voiso application.

Generate a scoped API key for v4

Before you can implement your integration, your administrator must create an API key in the API keys page in the Voiso application. For instructions, see API keys.

Unlike legacy integrations that may have relied on API keys embedded in request paths, v4 uses static API keys generated in the application and sent as Bearer tokens in the Authorization header.

When creating a key, admins can assign only the scopes required for the integration, which helps limit access to specific API domains and operations. Voiso recommends selecting the minimum required scopes and reviewing them carefully before going live.

For example:

curl --request GET \
  --url https://api.voiso.com/api/v4/users \
  --header 'Authorization: Bearer YOUR_API_TOKEN' \
  --header 'Content-Type: application/json' \
  --header 'Accept: application/json'

Base URL

Your Base URL is based on your cluster ID:

https://<cluster_id>.voiso.com

Use this Base URL for all v4 endpoints.

Authentication method

Voiso API v4 uses HTTP Bearer authentication.

Include your contact center API key in the Authorization header:

Authorization: Bearer \<generated_api_key\>

Required headers

For most requests, include:

Authorization: Bearer <generated_api_key>
Content Type: application/json

Example request

This example retrieves a list of users:

curl -X GET "https://<cluster_id>.voiso.com/api/v4/users?limit=10&offset=0" \
  -H "Authorization: Bearer <generated_api_key>" \
  -H "Content-Type: application/json"

Keep your API key secure

Treat the API key like a password.
Store it in a secrets manager or secure environment variables.
Do not commit it to source control or share it in tickets or logs.

Common authentication issues

If your API key is missing or invalid, most endpoints return an authentication error such as HTTP 401.

If your key is valid but does not have access to the requested resource, you may receive an authorization error such as HTTP 403.