Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.wavix.com/llms.txt

Use this file to discover all available pages before exploring further.

Wavix uses API keys for authentication. An API key is a unique identifier that you include in your API requests to verify your identity and authorize access. You authenticate your requests using the Authorization header with a Bearer token.

Get your API key

  1. Sign in to your Wavix account.
  2. Go to AdministrationAPI Keys.
  3. Click Create new.
  4. Fill in the form:
    • API key name (required): Enter a descriptive name, for example: “Mobile App Production”.
    • Key type: Choose Unrestricted for full access to all API resources, or Restricted to configure per-resource permissions.
    • Restrict access to authorized IPs only (optional): Toggle to limit the key to specific IP addresses.
  5. Click Create.
After clicking Create, a confirmation screen displays your API key. Copy it now. Once you dismiss the screen, the key is masked in the table.

Restricted keys and scopes

When you select the Restricted key type, you assign one of three permission levels to each resource:
PermissionDescription
No accessRequests using this key cannot interact with this resource.
ReadRead-only access. The key can retrieve data but cannot create, update, or delete.
WriteFull access. The key can read, create, update, and delete.
The following resources are available:
ResourceAPI fieldControls
NumbersnumbersPhone number inventory, settings, and purchasing
TrunkstrunksSIP trunk configuration and management
CallscallsCall records, active calls, transcriptions, and call control
MessagesmessagesSending and receiving messages, Sender IDs, and opt-outs
RecordingsrecordingsListing, downloading, and deleting call recordings
CampaignscampaignsBulk voice/SMS campaigns, Brands, short links, and analytics
2FAtwo_faTwo-factor authentication services, OTPs, and verification logs
ValidatorvalidatorSingle and bulk phone number validation and HLR lookups
WebhookswebhooksWebhook endpoint configuration
EmbeddableembeddableWidget tokens and embeddable component configurations
BillingbillingInvoices, balance, payment methods, and usage reports
AccountaccountAccount profile and settings
SubaccountssubaccountsSubaccount management and suspension

IP address restriction

Enabling Restrict access to authorized IPs only adds an extra layer of security. Even if your API key is compromised, it can only be used from your authorized servers. This is useful for backend services on fixed IPs, production environments, and compliance requirements.
IP address restriction and key type are independent — you can combine a Restricted key with IP allowlisting for the strongest security posture.
Store your API key securely. Don’t share it publicly or commit it to version control. If your API key is compromised, revoke it immediately and generate a new one.

Authenticate your requests

Include your API key in the Authorization header using Bearer token format: 
Authorization: Bearer <your_api_key>
Replace <your_api_key> with your actual API key.

Code examples

Here are examples showing how to authenticate requests: 
curl -X GET "https://api.wavix.com/v3/messages?type=outbound" \
  -H "Authorization: Bearer your_api_key"
Keep your API key confidential. Don’t share it or expose it in public repositories, client-side code, or unsecured environments.

Manage API keys programmatically

You can create, list, and manage API keys using the API endpoints. For details, see the API Keys endpoint reference.

Deprecated method

Query parameter authentication using the appid parameter is deprecated and will be removed in a future version. Use Bearer token authentication instead.
Previously, you could authenticate requests by including your API key as the appid query parameter: 
GET https://api.wavix.com/v3/messages?appid=your_api_key
This method is still supported for backward compatibility, but we recommend migrating to Bearer token authentication as soon as possible.