Authentication
Every request to a tenant endpoint requires an X-API-Key header.
Header format
```http
GET /v1/sessions HTTP/1.1
Host: api.cloudtalknet.com
X-API-Key: ctn_live_abc123...
Content-Type: application/json
```
The same header is used in Swagger UI — click Authorize in /api/swagger and paste your key to invoke endpoints from the browser.
Where to get a key
CloudTalk Networks issues your first key when your tenant is activated. For the initial activation, contact your account manager. After that, you can manage keys yourself (list, create, rotate, and revoke); see Manage API keys.
Keys can be rotated without downtime — create a new key, deploy it, then revoke the old one. The full pattern is documented in Manage API keys.
Treat it like a password
- Store it server-side only — environment variable or secrets manager.
- Never embed it in mobile apps, single-page apps, or repository code.
- Use a different key per environment (staging vs production).
Rate limits
Requests are rate-limited per API key:
| Limit | Default |
|---|---|
| Requests per minute | 120 |
| Burst window | 60 seconds |
When you exceed the limit you'll receive 429 Too Many Requests with a JSON body explaining the limit. Back off and retry.
Errors you may see
| Status | Meaning | Action |
|---|---|---|
| 401 Unauthorized | Missing or invalid X-API-Key | Verify the header name and key value |
| 429 Too Many Requests | Rate limit exceeded | Back off; check our limits or batch calls |
See Errors & rate limits for the full error vocabulary.
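A server-side client that follows the guidance on this page, added here as an example and not CloudTalk Networks' own code: it reads the key from the environment, sends it in `X-API-Key`, fails fast on 401 without logging the key, and backs off on 429. The variable name `CTN_API_KEY`, the helper names and the backoff schedule are assumptions.

```python
import os
import random
import time
import urllib.error
import urllib.request

BASE_URL = "https://api.cloudtalknet.com"  # host from the header example on this page

class AuthError(Exception):
    """401 or no key configured: retrying will not help."""

def load_api_key(env_var="CTN_API_KEY"):
    # CTN_API_KEY is a hypothetical name; set a different key per environment.
    key = os.environ.get(env_var, "").strip()
    if not key:
        raise AuthError(f"{env_var} is not set")
    return key

def redact(key):
    # Log-safe form: show only the public prefix seen in the page's example.
    return "ctn_live_..." if key.startswith("ctn_live_") else "***"

def http_send(method, url, headers):
    # Real transport; returns (status, body) and hands 4xx/5xx back to the caller.
    req = urllib.request.Request(url, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def call(path, key, send=http_send, max_attempts=5, sleep=time.sleep):
    headers = {"X-API-Key": key, "Content-Type": "application/json"}
    for attempt in range(max_attempts):
        status, body = send("GET", BASE_URL + path, headers)
        if status == 401:
            # A bad key never becomes valid by retrying; surface it immediately.
            raise AuthError(f"key {redact(key)} rejected; check header name and value")
        if status != 429:
            return status, body
        # 429: exponential backoff with jitter (assumed schedule), capped at
        # 60 s, the burst window in the rate-limit table above.
        sleep(min(60.0, 2 ** attempt + random.random()))
    raise RuntimeError(f"still rate-limited after {max_attempts} attempts")

if __name__ == "__main__":
    print(call("/v1/sessions", load_api_key())[0])
```

The `send` and `sleep` parameters exist so the retry logic can be exercised without network access or real delays.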
