Get started
Authentication
Authenticate every request with an API key in the Authorization header. Create keys in the dashboard under API Keys (or via the Workspace API). Keys are workspace-scoped and carry a set of permission scopes.
bash
curl https://api.bolchoai.in/v1/agents \
-H "Authorization: Bearer $VOXA_API_KEY"Scopes
Keys hold one or more scopes; an endpoint requires the scope noted on it. Available scopes: agents:read, agents:write, knowledge:read, knowledge:write, tools:read, tools:write, calls:read, calls:write, analytics:read, billing:read, billing:write, workspace:admin.
Dashboard tokens
Browser sessions use a short-lived JWT plus an x-workspace-id header instead of an API key. For server-to-server integrations, always use an API key (vx_…).
Keep API keys secret — they grant full programmatic access to your workspace. Rotate a key by creating a new one and deleting the old.