Skip to main content

Your SignalWire API Space


The API credentials found on this page are your key to accessing SignalWire's APIs and SDKs.

Most SignalWire API endpoints require authentication using HTTP Basic Auth. HTTP Basic Authentication requires you to send an Authorization header with your Project ID and API Token. This should be supported in almost all HTTP clients.

Each project has its own Project ID and API Authentication Tokens you will need to use when making a request to the API. Some methods will also require you to pass your Space URL.

API Credentials Page screenshot
  • Project ID: Use this UUID to specify your project to the API.
  • Space URL: Use this URL to access SignalWire APIs. The space name is used to access a space-specific endpoint.
  • API Tokens: Authentication tokens to access the API. You can have multiple tokens for each project.
API Authorization Tokens vs Video and Chat SDK Tokens

API tokens are protected and used server-side to access the API. The tokens we refer to when using Video or Chat products in the browser are not the same tokens we generate and store here. In fact, you will use your API token when calling an endpoint to request a Video Room or Chat token. See more on these tokens in our Simple Video Demo and Simple Chat Demo.

Generating a new API Token

To generate a new API token, click the blue "+ New" button. A "New API Token" form will open.

Give your token a descriptive name to help differentiate it in logs and for debugging. You may choose a limited set of RELAY permissions scopes to allow this token to only access the scopes necessary for a specific application. When you are finished, click "Save" to return to your list of existing tokens.

You can edit the token name and allowed scopes later by clicking the button and selecting "Edit." You may also delete a token from the same dropdown menu or the Edit page.

Using API Tokens

Token Security

It is important that the API tokens are kept confidential. They can be used to make API requests on your behalf. Take extreme care to make sure that the tokens don't get pushed to GitHub. Make sure that the tokens aren't publicly accessible. For Node.js backend, you can use dotenv files or similar mechanisms paired with a gitignore file to safely store confidential constants.

All API requests must be made with proper authentication over HTTPS. Calls made over plain HTTP or without auth will fail.

You can find the correct credentials structure for each specific call in the SDK Reference, REST API Reference, or in a specific Guide you may wish to follow.

For a general example, we can look at how to list video rooms with the REST API:

curl https://<space name> \
-u '<project ID>:<API token>'

Or with the Realtime SDK, you may use these credentials to create a Video Client.

import { Video } from "@signalwire/realtime-api";

const video = new Video.Client({
project: "<project ID>",
token: "<API token>",

Note that you are not required to pass the space URL when working with the SDK.