API Keys

Tokens for partners, tenants, and operators. Server-loaded keys shown below are masked.

Server-side credentials (env)

These are baked into the deployment, not stored in the DB. Rotate via Vercel → Environment Variables.

VAPI_PRIVATE_KEY

Used by /api/vapi proxy + provisioner

a0552d…2ed7Loaded

SUPABASE_SERVICE_ROLE_KEY

Bypasses RLS — used by webhooks and server actions

sb_sec…gKXdLoaded

VAPI_WEBHOOK_SECRET

Validates Vapi webhook HMAC signature

060ce5…b365Loaded

NEXT_PUBLIC_SUPABASE_ANON_KEY

Browser-safe — RLS still applies

sb_pub…5Qt8Loaded

Database-issued tokens

Keys created from the platform UI (per master, per partner). Stored in the api_keys table.

No DB-issued keys yet. Generate one from a master's settings.