API Reference
API Keys
Create and manage API keys with granular scopes and request logging.
llm, stt, tts, search, image, or * for all) — and scopes — which platform resources it can touch (bots:read, bots:write, conversations:read, conversations:write, knowledge:read, knowledge:write, webhooks:write, whatsapp:read, whatsapp:write, whatsapp:send). A key also supports a domain allowlist, a per-key RPM limit, a budget cap, allowed models, and allowed search providers. Request and prompt logging are opt-in per key.Create a key
Key management uses your dashboard session (JWT). This example mints an LLM-only key that can read conversations, capped at 200 req/min and a 5,000-credit budget:
curl https://api.callmissed.com/api/v1/keys \
-H "Authorization: Bearer <jwt_access_token>" \
-H "Content-Type: application/json" \
-d '{
"name": "Production LLM key",
"permissions": "llm",
"scopes": "conversations:read",
"rate_limit_rpm": 200,
"budget_limit": 5000
}'The plaintext key is returned once — store it now:
{
"id": "k1234567-89ab-cdef-0123-456789abcdef",
"name": "Production LLM key",
"key": "cm_live_3f9a...redacted",
"permissions": "llm",
"scopes": "conversations:read",
"allowed_domains": "*",
"is_active": true,
"logs_enabled": false,
"prompt_logging_enabled": false,
"budget_limit": 5000.0,
"budget_used": 0.0,
"budget_remaining": 5000.0,
"rate_limit_rpm": 200,
"allowed_models": "*",
"created_at": "2026-06-06T12:15:00Z"
}If you lose it later, POST /api/v1/keys/:id/reveal/request emails an OTP, then .../reveal/verify returns the stored plaintext. New keys have logging off by default — flip logs_enabled (and prompt_logging_enabled for message content) only when you need it.
/api/v1/keys AuthList all API keys (plaintext never returned)
/api/v1/keys AuthCreate API key — plaintext shown once
Request Body
namestring (required)permissionscomma-separated services (llm, stt, tts, search, image) or * — default *scopescomma-separated resource scopes (bots:read, etc.); empty = no resource access/api/v1/keys/:id AuthUpdate name, scopes, domains, budget, RPM, allowed models, search providers, or expiry
Request Body
namestringrpm_limitnumberbudgetnumber (credits)allowed_modelsarrayexpires_atISO8601 | null/api/v1/keys/:id/permissions AuthSet service permissions — any of llm, stt, tts, search, image, or * for all
Request Body
permissionscomma-separated service names or */api/v1/keys/:id/domains AuthSet the domain allowlist for the key
Request Body
domainsarray of hostnames/api/v1/keys/:id/logs AuthToggle request logging on/off for a key
Request Body
logs_enabledboolean/api/v1/keys/:id/prompt-logs AuthToggle capturing prompt/completion content (off by default)
Request Body
prompt_logs_enabledboolean/api/v1/keys/:id/reveal/request AuthRequest an OTP to reveal the stored plaintext key
/api/v1/keys/:id/reveal/verify AuthVerify the OTP and return the plaintext key
Request Body
codestring/api/v1/keys/:id/logs AuthRecent request logs for a key (latency, model, cost, status, errors)
/api/v1/keys/:id/rate-state AuthLive per-key RPM consumption state
/api/v1/keys/:id AuthRevoke an API key permanently