media server logo
PricingAPI docsLaunch on AWSTokyo suggested
Docs search
Overview
Callaba Engine documentation
Getting started
Installation or instant launch
Authorization
Documentation
General settings
Ports
Cluster nodes
Additional utilities
SRT servers
RTMP servers
SRT routes
NDI discovered devices
NDI adapters
NDI configuration
Restreams
Streams
Recordings
Files
Web players
Web player groups
Video calls
Storages
Command-first documentation

Search the module, then move faster through the API

Find the exact module, copy the working request shape, and move from product workflow to API call without getting buried in the tree.

AI assistant preview

Describe what you want to build

Write the workflow in plain language. We will turn it into a GPT-ready brief you can use to generate requests, module order, and starter payloads.

Authorization

AuthorizationSRT serversRTMP servers

After deployment, the first secure step for any API integration is to retrieve the instance API token and use it on every request. Callaba Engine uses a dashboard-issued JWT for API access. In most deployments, this token is all you need to start calling the API.

Find the token in the dashboard under General settings, in the account settings block, at the API Token row. Copy that value and send it in the x-access-token header.

Where to find the token

  1. Sign in to the dashboard with an account that can manage the instance.
  2. Open General settings.
  3. Locate the API Token row.
  4. Use Copy to copy the JWT token.
The API Token row in the Callaba dashboard with the Copy button next to the JWT token.
Copy the token from the API Token row and send it in the x-access-token header.

How to send the token

Include the token in the request header exactly as shown:

x-access-token: <your_api_token>

Example with cURL:

curl -X GET "https://<your-host>/api/..." \
  -H "x-access-token: <your_api_token>"

Production handling

  • Keep it server-side. Do not expose the token in browser code, mobile apps, desktop clients, or frontend bundles.
  • Store it as a secret. Use environment variables, a secret manager, or your CI/CD secret store. Do not hardcode it in source control.
  • Proxy client actions through your backend. If users trigger API operations, have your server add the token and call Callaba Engine on their behalf.
  • Limit accidental exposure. Do not paste the token into chat, tickets, screenshots, or logs. Redact it in debugging output.
  • Plan for rotation. If the token is rotated in the dashboard, update every dependent service, job, and integration immediately.

Basic checks if requests fail

  • Confirm the request includes x-access-token on every API call.
  • Make sure you copied the full token with no missing characters or extra whitespace.
  • Verify your integration is using the current token after any dashboard-side rotation.
  • Check that the request is reaching the correct Callaba Engine instance.

Next step

Once authorization is working, move on to the workflow you are implementing: ingest setup, contribution endpoints, stream management, or delivery configuration.

Back toSRT serversNext toRTMP servers