Purpose

CRM API keys allow external systems to trigger outbound calls without an admin JWT. Endpoint: 
POST /api/v1/sip/dialout
X-API-Key: vx_...
Content-Type: application/json

Create a key

In CXB Console:
  1. Go to Dashboard → API Keys.
  2. Create a key for the CRM/integration.
  3. Copy the full key immediately.
  4. Store it in the CRM secret manager.
The full key is shown only once. After that only the masked prefix is visible.

Key format

Keys use: 
vx_ + 32 random characters
CXB API stores only a SHA-256 hash in MongoDB.

Expiry and active state

Each key is checked on every authenticated request:
ControlBehavior
Active toggle (is_active)An inactive key is rejected at auth. Deactivate instead of deleting to keep an audit trail.
Expiry (expires_at)Optional. When set and in the past, the key is rejected. Leave unset for a non-expiring key.
Set an expiry when handing a key to a short-lived integration or pilot. Deactivate (or let it expire) to revoke access without rotating other keys.

Dialout payload

CRM-friendly payload: 
{
  "bot_id": "bot-id-here",
  "to_number": "+919999999999",
  "variables": {
    "CUSTOMERNAME": "Rajesh",
    "due_amount": "50000"
  }
}
variables is an alias for connected_event. Do not send both in the same request.

Ops checks

  • key is active
  • bot exists and is active
  • fleet has available capacity
  • number is in correct format for carrier
  • variables match bot prompt/policy fields