API keys authenticate your requests to the Boltcall REST API. Each key carries a set of resource permissions so you can grant only the access a particular integration needs.
Your full API key is shown only once — immediately after creation. Copy it to a secure location before closing the dialog. If you lose it, you must revoke the key and create a new one.

Create an API key

1. Open API Keys settings

   In your dashboard, go to Settings → API Keys.

2. Start a new key

   Click Create API Key.

3. Name the key

   Enter a descriptive name that identifies how the key will be used — for example, Production Backend or CRM Integration.

4. Set an expiry date (optional)

   Choose an expiry date if you want the key to automatically deactivate after a set period. Leave blank for no expiry.

5. Choose permissions

   Select the resources and permission levels this key needs. You must grant at least one permission.

6. Copy your key

   Click Create Key. Copy the full key from the confirmation dialog — it will not be shown again.

Resource permissions

Each API key is scoped to specific resources. You can grant read, write, or both permissions per resource.
Resource          Description
calls             Read/write access to call history
leads             Read/write access to lead data
agents            Read/write access to agent configuration
analytics         Read access to analytics data
contacts          Read/write access to contacts
knowledge_base    Read/write access to the knowledge base
integrations      Read/write access to integration settings
  • read — allows GET requests to list and retrieve records for that resource.
  • write — allows POST, PATCH, and DELETE requests to create, modify, and remove records for that resource.

Write access does not automatically include read; grant both if needed.
The analytics resource supports read only. Write access is not available for analytics data.
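
An added example (not Boltcall's own code) that applies the permission rules above: it derives the minimal grants from the requests an integration makes and compares them with what a key holds. The function names and the sample integration are assumptions made for illustration.

```python
# Added example: the permission model as described on this page.
RESOURCES = {"calls", "leads", "agents", "analytics", "contacts",
             "knowledge_base", "integrations"}
READ_ONLY = {"analytics"}                      # write is not available here
LEVEL_FOR_METHOD = {"GET": "read", "POST": "write",
                    "PATCH": "write", "DELETE": "write"}


def required_permissions(planned_calls):
    """Return the minimal {resource: {levels}} for (method, resource) pairs."""
    needed = {}
    for method, resource in planned_calls:
        level = LEVEL_FOR_METHOD.get(method.upper())
        if level is None:
            raise ValueError(f"method not covered by read/write: {method}")
        if resource not in RESOURCES:
            raise ValueError(f"unknown resource: {resource}")
        if level == "write" and resource in READ_ONLY:
            raise ValueError(f"{resource} supports read only")
        # Write does not include read, so each level is tracked separately.
        needed.setdefault(resource, set()).add(level)
    return needed


def _pairs(perms):
    """Flatten {resource: {levels}} into a set of (resource, level) tuples."""
    return {(res, lvl) for res, levels in perms.items() for lvl in levels}


def audit_key(granted, planned_calls):
    """Compare a key's grants with what the integration actually calls."""
    have = _pairs(granted)
    want = _pairs(required_permissions(planned_calls))
    return {"missing": sorted(want - have),    # needed but not granted
            "excess": sorted(have - want)}     # granted but never used


if __name__ == "__main__":
    # Constructed sample: a CRM sync that lists leads, updates contacts
    # and reads analytics, checked against an over-broad key.
    calls = [("GET", "leads"), ("PATCH", "contacts"), ("GET", "analytics")]
    granted = {"leads": {"read", "write"}, "contacts": {"write"},
               "calls": {"read"}}
    print(required_permissions(calls))
    print(audit_key(granted, calls))
```

Entries under "excess" are grants to drop when you recreate the key; entries under "missing" are permissions the integration needs but the key lacks.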

Use a key in API requests

Include your API key as a Bearer token in the Authorization header of every request:
Authorization: Bearer YOUR_API_KEY
For example, using curl:
curl https://api.boltcall.org/v1/leads \
  -H "Authorization: Bearer YOUR_API_KEY"
See the API authentication guide for full details on request formatting and error codes.

Revoke a key

To permanently deactivate a key:
1. Open API Keys settings

   Go to Settings → API Keys.

2. Revoke the key

   Find the key in the Active Keys list and click the trash icon on the right.

3. Confirm

   Click Revoke Key in the confirmation dialog. Any application using this key loses access immediately.

Revoked keys appear in the Revoked / Expired section for audit purposes and cannot be reactivated.

Security best practices

  • Never share keys publicly. Do not commit API keys to source control or expose them in client-side JavaScript.
  • Use minimal permissions. Grant only the resources and permission levels each integration actually requires.
  • Set an expiry date for keys used in short-term integrations or shared environments.
  • Rotate keys regularly. Revoke and replace keys periodically, especially after team member changes.
  • Monitor usage. Each key displays usage counts for the last 24 hours, 7 days, and 30 days — review these if you suspect unauthorized access.

Rate limits

Each API key has a rate limit of 60 requests per minute by default. If your integration requires a higher limit, contact support@boltcall.ai. See Rate limits for more detail.