All requests to the Boltcall API must include a valid API key. The API uses Bearer token authentication — pass your key in the Authorization header on every request.
Base URL
https://api.boltcall.org/v1
Get an API key
Generate API keys from your dashboard under Settings → API Keys. See API keys for instructions on creating and managing keys.
Send authenticated requests
Include your API key as a Bearer token in the Authorization header:
curl https://api.boltcall.org/v1/agents \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"
Never expose API keys in client-side code or public repositories. Store them in environment variables and make API calls from your server.
Key permissions
When creating an API key you choose which resources it can access and whether each resource allows read or write access. Available resources are: calls, leads, agents, analytics, contacts, knowledge_base, and integrations.
Error responses
401 Unauthorized
Returned when the Authorization header is missing or the key is invalid or expired.
{
"error": {
"code": "invalid_api_key",
"message": "The API key provided is invalid or expired.",
"status": 401
}
}
403 Forbidden
Returned when the key is valid but lacks the required permission for the requested resource.
{
"error": {
"code": "forbidden",
"message": "Your API key does not have permission to access this resource.",
"status": 403
}
}
If you receive a 403, check the key’s permission settings in Settings → API Keys and ensure the resource and permission level (read or write) are enabled.