Authorization

After deployment, the first step in securing any API integration is to retrieve the instance API token and send it on every request. Callaba Engine uses a dashboard-issued JWT for API access. In most deployments, this token is all you need to start calling the API.

Find the token in the dashboard under General settings, in the account settings block, at the API Token row. Copy that value and send it in the x-access-token header.

Where to find the token

  1. Sign in to the dashboard with an account that can manage the instance.
  2. Open General settings.
  3. Locate the API Token row.
  4. Use Copy to copy the JWT token.

Figure: The API Token row in the Callaba dashboard, with the Copy button next to the JWT token.

How to send the token

Include the token in the request header exactly as shown:

x-access-token: <your_api_token>

Example with cURL:

curl -X GET "https://<your-host>/api/..." \
  -H "x-access-token: <your_api_token>"

Production handling

  • Keep it server-side. Do not expose the token in browser code, mobile apps, desktop clients, or frontend bundles.
  • Store it as a secret. Use environment variables, a secret manager, or your CI/CD secret store. Do not hardcode it in source control.
  • Proxy client actions through your backend. If users trigger API operations, have your server add the token and call Callaba Engine on their behalf.
  • Limit accidental exposure. Do not paste the token into chat, tickets, screenshots, or logs. Redact it in debugging output.
  • Plan for rotation. If the token is rotated in the dashboard, update every dependent service, job, and integration immediately.
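
The handling rules above, sketched as a server-side shell wrapper. This is an added example, not Callaba's own code: the variable names CALLABA_API_TOKEN and CALLABA_HOST and the three helper functions are assumptions. It reads the token from the environment, rejects a truncated or whitespace-damaged copy before any request is made, hands the header to curl on stdin so the token never appears in the process list, and redacts the token from log text.

```shell
#!/bin/sh
# Added example. CALLABA_API_TOKEN, CALLABA_HOST and these helpers are assumed names.

# Succeeds only for a complete JWT shape: three non-empty base64url segments
# joined by dots, with no whitespace or other stray characters.
token_is_wellformed() {
  case "$1" in
    *[!A-Za-z0-9._-]*) return 1 ;;  # space, quote or newline picked up while copying
    *.*.*.*)           return 1 ;;  # more than three segments
    .*|*.|*..*)        return 1 ;;  # an empty segment
    *.*.*)             return 0 ;;
    *)                 return 1 ;;  # empty or truncated copy
  esac
}

# redact "<text>" "<token>": prints text with every occurrence of the token
# replaced, for use on anything that goes to logs or debugging output.
redact() {
  text=$1 out=
  [ -n "$2" ] || { printf '%s\n' "$text"; return 0; }
  while :; do
    case "$text" in
      *"$2"*) head=${text%%"$2"*}; out="$out$head<redacted>"; text=${text#*"$2"} ;;
      *) break ;;
    esac
  done
  printf '%s\n' "$out$text"
}

# callaba_get "<path>": GET https://$CALLABA_HOST<path> with the token header.
# printf is a shell builtin and curl reads the header from stdin (--config -),
# so the token is never an argument of any process.
callaba_get() {
  if ! token_is_wellformed "$CALLABA_API_TOKEN"; then
    echo "CALLABA_API_TOKEN is missing, truncated, or has stray characters" >&2
    return 2
  fi
  printf 'header = "x-access-token: %s"\n' "$CALLABA_API_TOKEN" |
    curl --silent --show-error --fail --config - "https://${CALLABA_HOST}$1"
}

# Offline demo on a constructed placeholder (not a real token).
sample='eyJhbGciOi.CONSTRUCTED.sample'
redact "request failed: x-access-token: $sample" "$sample"
```

A non-zero return from token_is_wellformed maps to the second item under "Basic checks if requests fail" below: re-copy the token from the dashboard rather than retrying the request.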

Basic checks if requests fail

  • Confirm the request includes x-access-token on every API call.
  • Make sure you copied the full token with no missing characters or extra whitespace.
  • Verify your integration is using the current token after any dashboard-side rotation.
  • Check that the request is reaching the correct Callaba Engine instance.

Next step

Once authorization is working, move on to the workflow you are implementing: ingest setup, contribution endpoints, stream management, or delivery configuration.