Authentication
The Replicer API uses API keys for authentication. Include your key in the Authorization header of every request as a Bearer token.
Making authenticated requests
bash
curl https://api.replicer.ai/v1/agents \
-H "Authorization: Bearer rpl_live_your_api_key_here"API Key format
API keys follow a prefixed format for easy identification:
| Prefix | Environment | Usage |
|---|---|---|
rpl_live_ | Production | Real calls, real data |
rpl_test_ | Test | Testing and development |
Creating API keys
- Go to your Dashboard → Settings → API
- Click Create API Key
- Choose a name, environment, and select the scopes you need
- Copy the key immediately — it's shown only once
Scopes
Each API key has granular scopes that control access. Only request the scopes you need:
| Scope | Grants access to |
|---|---|
calls:read | List calls, get call details |
calls:write | Create outbound calls |
contacts:read | List contacts |
contacts:write | Create contacts |
agents:read | List agents |
calendar:read | List calendar events |
calendar:write | Create calendar events |
messages:read | List messages |
messages:write | Send messages |
webhooks:manage | Manage webhook endpoints |
If your API key lacks a required scope, the API returns a 403 Forbidden error:
json
{
"error": {
"code": "insufficient_scope",
"message": "API key does not have the required scope: calls:write"
},
"requestId": "req-abc123"
}Key security
Important
- Never share your API key or commit it to version control
- Store keys in environment variables or a secret manager
- Use test keys (
rpl_test_) during development - Rotate keys regularly; revoke unused ones from the dashboard
- Set an expiration date when possible
Authentication errors
| Status | Code | Meaning |
|---|---|---|
401 | unauthorized | Missing or invalid API key |
403 | forbidden | Key is inactive or expired |
403 | insufficient_scope | Key doesn't have the required scope |