Skip to content
DocsStart free

API Overview

SIP.IO is driven by a set of HTTP services. As a developer you’ll mostly use the public /v1 REST API; the platform also runs an edge control plane, a realtime service, and a management console behind the scenes.

ServiceHostWhat it’s for
Public APIapi.sip.io/v1The versioned REST API you build against: accounts, calls/CDR, agents, queues, numbers, DNC, campaigns, webhooks. Public API (v1).
Realtimerealtime.sip.ioThe live supervisor wallboard UI and its WebSocket feed.
Consoleconsole.sip.ioManagement surface + console login (email/password → session token).
Edge control planethe node hostThe endpoints the SIP edge calls to run calls (/route, /flow, /auth, /agent, …). Control-Plane API.

The services share one account, auth, and data model. They’re separate deployments of one platform, not separate products.

Two credential types, both presented in a header (see Authentication):

  • API keys: x-api-key: sk_…, for machine-to-machine. Scoped per key.
  • Session tokens: Authorization: Bearer <jwt>, issued by console login, for user sessions.

Every request is authorized against per-resource scopes (calls/cdr, agents, queues, numbers, dnc, campaign, webhooks, …; * grants all).

The public API is https://api.sip.io. Requests and responses are JSON; the edge control plane also accepts form-encoded bodies (the SIP nodes’ default). An OpenAPI 3.0 spec is served at GET /v1/openapi.json, so you can generate a typed client in any language.

Subscribe to events (call.started, call.ended) and SIP.IO POSTs them to your URL, HMAC-SHA256 signed. See Webhooks.

The configuration objects you create and edit (accounts, numbers, queues, schedules, trunks) are defined by the data model. The /v1 API reads and writes these; the Resource Reference lists their fields.

  • Route target: the dest_kind / dest_id / dest_xform trio that says “send the call here.” See Numbers & Extensions.
  • Secret references: fields ending in _secret_ref hold a key into the encrypted store, never a plaintext secret.
  • IDs are prefixed, time-ordered opaque strings (q_…, us_…, sk_…); time is epoch, money is micro-units.

Continue to Authentication.