
Overview

The Unpod SDK needs an access token to connect to the server successfully. This token holds the participant’s identity, room name, capabilities, and permissions. Tokens are signed with your API secret to block forgery, and include an expiration time after which the server rejects them.
Expiration time only impacts the initial connection, and not subsequent reconnects.

Authentication Method

The Unpod API uses API Key Authentication:
| Header | Format | Example |
|---|---|---|
| Authorization | Token <token> | Authorization: Token a1b2c3d4e5f6g7h8i9j0... |

How to Get Your API Token

Follow these steps to obtain your API token from the Unpod Dashboard:
  1. Log in to the Unpod Dashboard
  2. After login, you’ll be redirected to the Hub page
  3. On the left sidebar, click on the Key icon (Api Keys)
  4. You’ll be redirected to the API Keys page
  5. Click Generate New API Key
  6. Copy and securely store your API token
If you delete an API key, you can always generate a new one from the API Keys page.

Required Headers

Depending on the endpoint, you may need additional headers:
| Name | Type | Required | Description |
|---|---|---|---|
| Authorization | string | Yes | Token <your-api-token> |
| Org-Handle | string | Sometimes | Organization domain handle |
| Product-ID | string | Sometimes | Product identifier |
| Content-Type | string | For POST/PATCH | application/json |

Example Request

GET /api/v2/platform/telephony/bridges/
Headers:
  Authorization: Token a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
  Org-Handle: your-org-handle
  Product-ID: your-product-id

Code Examples

const axios = require('axios');

const headers = {
  'Authorization': 'Token your-api-token',
  'Org-Handle': 'your-org-handle',
  'Product-ID': 'your-product-id',
  'Content-Type': 'application/json'
};

// Make authenticated request
const getBridges = async () => {
  const response = await axios.get(
    'https://unpod.dev/api/v2/platform/telephony/bridges/',
    { headers }
  );
  return response.data;
};

const getCallLogs = async () => {
  const response = await axios.get(
    'https://unpod.dev/api/v2/platform/call-logs/',
    { headers }
  );
  return response.data;
};

Error Responses

401 - Unauthorized

Returned when authentication credentials are missing or invalid.
{
  "status_code": 401,
  "message": "Authentication credentials were not provided."
}

403 - Forbidden

Returned when the token is expired or access is denied.
{
  "status_code": 403,
  "message": "Token has expired."
}

400 - Bad Request

Returned when required headers are missing.
{
  "status_code": 400,
  "message": "Org-Handle header is required."
}

Best Practices

  1. Secure Storage: Never expose your API tokens in client-side code or public repositories
  2. HTTPS Only: Always use HTTPS for all API requests
  3. Header Validation: Always include required headers (Org-Handle, Product-ID) where needed
  4. Error Handling: Implement proper error handling for authentication failures
  5. Rotation: Rotate API tokens periodically for enhanced security
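
The first four practices above, together with the documented 401/403/400 responses, as an added example that is not part of the original Unpod documentation. The environment variable names (UNPOD_API_TOKEN, UNPOD_ORG_HANDLE, UNPOD_PRODUCT_ID) and all function names are assumptions; the host is the one used in the page's sample code.

```javascript
// Added example; UNPOD_* variable names and all function names are assumptions.
const API_BASE = 'https://unpod.dev'; // host from the page's sample code

// Build headers from the environment so no token is hard-coded in source.
function buildHeaders(env, method = 'GET') {
  const token = env.UNPOD_API_TOKEN;
  if (!token) throw new Error('UNPOD_API_TOKEN is not set');
  const headers = { Authorization: `Token ${token}` };
  if (env.UNPOD_ORG_HANDLE) headers['Org-Handle'] = env.UNPOD_ORG_HANDLE;
  if (env.UNPOD_PRODUCT_ID) headers['Product-ID'] = env.UNPOD_PRODUCT_ID;
  if (method === 'POST' || method === 'PATCH') headers['Content-Type'] = 'application/json';
  return headers;
}

// Resolve a path against the API host. Plain HTTP or any other origin is
// rejected, so the token is only ever sent to the API over HTTPS.
function apiUrl(path) {
  const url = new URL(path, API_BASE);
  if (url.origin !== API_BASE) throw new Error(`refusing to send token to ${url.origin}`);
  return url.href;
}

// Copy of the headers that is safe to write to logs: the token is replaced.
function redactHeaders(headers) {
  return { ...headers, Authorization: 'Token [REDACTED]' };
}

// Map the error responses documented on this page to an action for the caller.
function classifyAuthError(status, body = {}) {
  const message = body.message || '';
  switch (status) {
    case 401: // credentials missing or invalid
      return { action: 'check-credentials', message };
    case 403: // token expired, or access denied
      return { action: /expired/i.test(message) ? 'rotate-token' : 'access-denied', message };
    case 400: // a required header such as Org-Handle is missing
      return { action: 'add-missing-header', message };
    default:
      return { action: 'unhandled', message };
  }
}
```

Pass `process.env` to `buildHeaders` in a server-side process, and log `redactHeaders(headers)` rather than the headers themselves.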