Getting Started

Authentication

API keys, how to get one, how to use them.

The TelEcho Public API uses bearer API keys for authentication. Every request must include an Authorization header with your key:

1Authorization: Bearer tel_live_xxxxxxxxxxxxxxxxxxxxxxxx

Get an API key

  1. Sign in to your TelEcho dashboard.
  2. Go to Settings → API Keys.
  3. Click Create API Key, give it a name (e.g. “Production server”), and choose an expiry.
  4. Copy the full key immediately — it’s shown to you exactly once and cannot be retrieved later.

If you lose a key, revoke it and create a new one.

Key format

tel_live_<43-char-random-string>

The first 12 characters (tel_live_a3f9) are displayed in your dashboard so you can identify keys later. The remaining characters are stored as a SHA-256 hash — TelEcho never sees the full key after creation.

Scoping

Each key is scoped to a single organization — the org you created it from. A key can only access calls, agents, and phone numbers belonging to that org.

Limits

  • Maximum 10 active keys per organization.
  • Optional expiry — keys can be set to expire after 30/60/90/365 days, or never.
  • Keys can be revoked instantly at any time from the dashboard.

Best practices

  • Never commit keys to source control. Use environment variables or a secrets manager.
  • Rotate periodically. Set expiry on production keys and rotate them every quarter.
  • One key per environment. Use separate keys for prod, staging, and dev so revoking one doesn’t break the others.
  • Use the smallest possible scope. When per-key scopes ship, restrict keys to read-only when possible.