Voice API Authentication

How Authentication Works

The EnableX Voice API uses HTTP Basic Authentication — a widely supported standard where your credentials are sent with every API request inside the Authorization header.

Here is what happens under the hood:

1. You take your App ID and App Key and join them with a colon: APP_ID:APP_KEY.
2. You Base64-encode that combined string.
3. You prefix the result with the word Basic and a space.
4. You send this as the value of the Authorization header in every HTTP request.

The EnableX server decodes the header on each request, looks up your App ID, and verifies the App Key. If they match and your project has Voice API enabled, the request is accepted. There is no session, no login, and no token to refresh — every request is independently authenticated.

Get Your Credentials

Your App ID and App Key are generated per project inside the EnableX Portal. If you have not created a Voice project yet, do that first.

1. Log in to portal.enablex.io.
2. Select your project from the dashboard, or click Create Project to start a new one.
3. In the project, go to Settings › API Credentials.
4. Copy the App ID and the App Key.
5. Make sure Voice API is enabled for the project (under Settings › Voice).

Once you have the App ID and App Key, you are ready to construct your authentication header.

Using Basic Authentication

Constructing the Authorization header is a two-step process: combine your credentials, then encode them.

Building the Header

Start by joining your App ID and App Key with a colon, then Base64-encode the result:

# Step 1: Combine credentials
APP_ID:APP_KEY

# Step 2: Base64-encode the combined string
echo -n "your_app_id:your_app_key" | base64
# Output: eW91cl9hcHBfaWQ6eW91cl9hcHBfa2V5

# Step 3: Prefix with "Basic "
Authorization: Basic eW91cl9hcHBfaWQ6eW91cl9hcHBfa2V5

In code, most HTTP libraries handle this for you when you supply a username and password to a Basic Auth option. The encoding happens automatically.

Example HTTP Request

Here is what a complete authenticated request looks like — each HTTP component on its own line for clarity:

POST https://api.enablex.io/voice/v1/call
Authorization: Basic eW91cl9hcHBfaWQ6eW91cl9hcHBfa2V5
Content-Type: application/json

{
  "name": "outbound-call",
  "owner_ref": "ref-001",
  "from": "+12015551234",
  "to": ["+919876543210"],
  "action_on_connect": {
    "play": {
      "text": "Hello! This is a test call from EnableX.",
      "voice": "female",
      "language": "en-US"
    }
  }
}

Code Samples

Most HTTP libraries have native Basic Auth support so you never have to manually Base64-encode:

const axios = require('axios');

const APP_ID  = process.env.ENABLEX_APP_ID;
const APP_KEY = process.env.ENABLEX_APP_KEY;

const response = await axios.post(
  'https://api.enablex.io/voice/v1/call',
  {
    name: 'outbound-call',
    owner_ref: 'ref-001',
    from: '+12015551234',
    to: ['+919876543210'],
    action_on_connect: {
      play: {
        text: 'Hello from EnableX!',
        voice: 'female',
        language: 'en-US'
      }
    }
  },
  {
    auth: {
      username: APP_ID,
      password: APP_KEY
    }
  }
);

console.log(response.data);

import os
import requests

APP_ID  = os.environ['ENABLEX_APP_ID']
APP_KEY = os.environ['ENABLEX_APP_KEY']

payload = {
    "name": "outbound-call",
    "owner_ref": "ref-001",
    "from": "+12015551234",
    "to": ["+919876543210"],
    "action_on_connect": {
        "play": {
            "text": "Hello from EnableX!",
            "voice": "female",
            "language": "en-US"
        }
    }
}

response = requests.post(
    'https://api.enablex.io/voice/v1/call',
    json=payload,
    auth=(APP_ID, APP_KEY)
)

print(response.json())

<?php

$app_id  = getenv('ENABLEX_APP_ID');
$app_key = getenv('ENABLEX_APP_KEY');

$payload = json_encode([
    'name'      => 'outbound-call',
    'owner_ref' => 'ref-001',
    'from'      => '+12015551234',
    'to'        => ['+919876543210'],
    'action_on_connect' => [
        'play' => [
            'text'     => 'Hello from EnableX!',
            'voice'    => 'female',
            'language' => 'en-US'
        ]
    ]
]);

$ch = curl_init('https://api.enablex.io/voice/v1/call');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
curl_setopt($ch, CURLOPT_USERPWD, "$app_id:$app_key");
curl_setopt($ch, CURLOPT_HTTPHEADER, ['Content-Type: application/json']);

$response = curl_exec($ch);
curl_close($ch);

echo $response;

curl -X POST https://api.enablex.io/voice/v1/call \
  -u "$ENABLEX_APP_ID:$ENABLEX_APP_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "outbound-call",
    "owner_ref": "ref-001",
    "from": "+12015551234",
    "to": ["+919876543210"],
    "action_on_connect": {
      "play": {
        "text": "Hello from EnableX!",
        "voice": "female",
        "language": "en-US"
      }
    }
  }'

Authentication Across API Families

The EnableX Voice platform has three distinct API families. Every one of them uses the same HTTP Basic Authentication pattern — same credentials, same header format, just a different base URL.

Because all three share the same auth model, you can use a single set of credentials for your entire Voice integration. No need to manage separate tokens or scopes per API.

App-to-Voice Token (Web Clients Only)

The authentication methods described above are for server-to-server API calls. If you are building a browser-based application or using the Voice Bot SDK or Voice Bot UI Kit, you cannot embed your App Key in client-side code — it would be publicly visible.

For this scenario, EnableX provides a separate token endpoint. Your backend exchanges its App credentials for a short-lived JWT token and passes that token to the browser client. The client then uses the token to connect to the EnableX Voice Server directly.

How the Token Flow Works

1. Your server calls the token endpoint with Basic Auth (App ID + App Key).
2. EnableX validates your credentials and checks if the requesting domain is whitelisted in your project settings.
3. EnableX returns a JWT token.
4. Your server delivers the token to the browser client (e.g., as part of a page load or API response).
5. The Voice Bot SDK uses that token to authenticate the WebRTC session with the EnableX Voice Server.

Token Endpoint

Your server makes a POST request to the token endpoint. The only required payload field is domain — the domain your web client is hosted on.

POST https://api.enablex.io/voice/v1/webclient/token
Authorization: Basic eW91cl9hcHBfaWQ6eW91cl9hcHBfa2V5
Content-Type: application/json

{
  "domain": "yourdomain.com"
}

Successful Response

On success, the endpoint returns a JWT token string:

{
  "token": "Token_Value"
}

Pass this token to your Voice Bot SDK or Voice Bot UI Kit to establish the WebRTC session.

Token Error Responses

There are two error scenarios to handle:

Invalid project or domain not whitelisted — the platform returns HTTP 405 with this body:

{
  "result": 405,
  "msg": "Method Not Allowed"
}

Token generation failed — credentials are valid but the token could not be issued. The token field is returned as null:

{
  "token": null
}

If you see "result": 405, check that your App ID and App Key are correct and that the domain you are passing is listed in your project's whitelisted domains. If you see "token": null, contact EnableX support — this indicates a platform-side issue.

Server-Side Example

This is what your backend token-issuing route looks like. The browser client calls your server, and your server calls EnableX — your App Key never reaches the browser.

const express = require('express');
const axios   = require('axios');
const app     = express();

const APP_ID  = process.env.ENABLEX_APP_ID;
const APP_KEY = process.env.ENABLEX_APP_KEY;

// Browser client calls GET /voice-token
app.get('/voice-token', async (req, res) => {
  try {
    const response = await axios.post(
      'https://api.enablex.io/voice/v1/webclient/token',
      { domain: 'yourdomain.com' },
      {
        auth: {
          username: APP_ID,
          password: APP_KEY
        }
      }
    );

    const { token } = response.data;

    if (!token) {
      return res.status(500).json({ error: 'Token generation failed' });
    }

    res.json({ token });
  } catch (err) {
    const status = err.response?.status || 500;
    res.status(status).json({ error: 'Failed to fetch voice token' });
  }
});

app.listen(3000);

Authentication Errors

When authentication fails, the EnableX API returns a standard HTTP error response. Here is what each error means and how to fix it.

HTTP 401 — Unauthorized

This means the Authorization header is missing, malformed, or the encoded credentials cannot be decoded. Common causes:

• No Authorization header was sent.
• The header value does not start with Basic (including the space).
• The Base64-encoded string is corrupted or incorrectly formed.
• The App ID and App Key were concatenated incorrectly (not with a colon as separator).

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="EnableX API"
Content-Type: application/json

{
  "result": 401,
  "msg": "Unauthorized"
}

Fix: Verify the Authorization header is present and correctly formed. Re-encode your credentials and confirm the format is Basic <base64(APP_ID:APP_KEY)>.

HTTP 403 — Forbidden

This means the credentials decoded successfully but access was denied. Common causes:

• The App ID exists but the App Key does not match — credentials are wrong.
• The project does not have the Voice API enabled.
• Your account is suspended or has insufficient balance.
• The App Key was regenerated and the old key is being used.

HTTP/1.1 403 Forbidden
Content-Type: application/json

{
  "result": 403,
  "msg": "Forbidden"
}

Fix: Go to the EnableX Portal, confirm your App ID and App Key are current, and verify that Voice API is enabled for your project. Check your account billing status.