Wavix uses API keys for authentication. An API key is a unique identifier that you include in your API requests to verify your identity and authorize access. You authenticate your requests using the Authorization header with a Bearer token.
Get your API key
- Sign in to your Wavix account.
- Go to Administration → API Keys.
- Click Create new.
- Fill in the form:
- API key name (required): Enter a descriptive name, for example: “Mobile App Production”.
- Key type: Choose Unrestricted for full access to all API resources, or Restricted to configure per-resource permissions.
- Restrict access to authorized IPs only (optional): Toggle to limit the key to specific IP addresses.
- Click Create.
After clicking Create, a confirmation screen displays your API key. Copy it now. Once you dismiss the screen, the key is masked in the table.
Restricted keys and scopes
When you select the Restricted key type, you assign one of three permission levels to each resource:
| Permission | Description |
|---|
| No access | Requests using this key cannot interact with this resource. |
| Read | Read-only access. The key can retrieve data but cannot create, update, or delete. |
| Write | Full access. The key can read, create, update, and delete. |
| Resource | API field | Controls |
|---|
| Numbers | numbers | Phone number inventory, settings, and purchasing |
| Trunks | trunks | SIP trunk configuration and management |
| Calls | calls | Call records, active calls, transcriptions, and call control |
| Messages | messages | Sending and receiving messages, Sender IDs, and opt-outs |
| Recordings | recordings | Listing, downloading, and deleting call recordings |
| Campaigns | campaigns | Bulk voice/SMS campaigns, Brands, short links, and analytics |
| 2FA | two_fa | Two-factor authentication services, OTPs, and verification logs |
| Validator | validator | Single and bulk phone number validation and HLR lookups |
| Webhooks | webhooks | Webhook endpoint configuration |
| Embeddable | embeddable | Widget tokens and embeddable component configurations |
| Billing | billing | Invoices, balance, payment methods, and usage reports |
| Account | account | Account profile and settings |
| Subaccounts | subaccounts | Subaccount management and suspension |
IP address restriction
Enabling Restrict access to authorized IPs only adds an extra layer of security. Even if your API key is compromised, it can only be used from your authorized servers. This is useful for backend services on fixed IPs, production environments, and compliance requirements.
IP address restriction and key type are independent — you can combine a Restricted key with IP allowlisting for the strongest security posture.
Store your API key securely. Don’t share it publicly or commit it to version control. If your API key is compromised, revoke it immediately and generate a new one.
Authenticate your requests
Include your API key in the Authorization header using Bearer token format:
Authorization: Bearer <your_api_key>
<your_api_key> with your actual API key.
Code examples
Here are examples showing how to authenticate requests:
curl -X GET "https://api.wavix.com/v3/messages?type=outbound" \
-H "Authorization: Bearer your_api_key"
Keep your API key confidential. Don’t share it or expose it in public repositories, client-side code, or unsecured environments.
Manage API keys programmatically
You can create, list, and manage API keys using the API endpoints. For details, see the API Keys endpoint reference.
Deprecated method
Query parameter authentication using the appid parameter is deprecated and will be removed in a future version. Use Bearer token authentication instead.
appid query parameter:
GET https://api.wavix.com/v3/messages?appid=your_api_key
