
External APIs and developers

API keys and authentication

Generate, use, and revoke API keys safely.

Authentication to the external API is done via API keys, distinct from user credentials. A key identifies an organization and has specific permissions.

Generating a key

  1. Open the API panel

    Go to Administration -> API. Only users with Owner or Admin role can manage keys.

  2. Create a new key

    Assign a descriptive name (e.g. "PMS production", "Zapier dev") and select the permission level.

  3. Copy the value immediately

    The key is shown only once. Store it securely: a password manager, a vault, an environment variable. yourang.ai stores only the hash and cannot show it to you again.

  4. Configure the external system

    Paste the key into the system that will call the API. The test call confirms everything works.

Permission levels

  • Read. Read-only: contacts, orders, calls, statistics. Ideal for dashboards, reports, pull-based synchronizations.
  • Write. Read + create/modify data: add contacts, register orders, create reservations. For two-way integrations.
  • Write + outbound calls. Includes the ability to trigger outbound calls. It's the most powerful permission, to be assigned only to trusted systems.

Using the key

Each request includes the key in the HTTP Authorization header as a Bearer token. Example: Authorization: Bearer yr_live_abc123. The API validates the key, identifies the organization, and applies permissions before processing the request.
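The validation flow described above, together with the hash-only storage mentioned under "Copy the value immediately", as an added sketch that is not yourang.ai's own code. The SHA-256 digest, the in-memory `KEY_STORE`, the level names and the function names are assumptions made for illustration; only the `yr_live_` prefix and the three permission levels come from this page.

```python
import hashlib
import secrets
from typing import Optional, Tuple

# Permission levels from this page, ordered from least to most powerful.
LEVELS = {"read": 1, "write": 2, "write+outbound_calls": 3}

# Hypothetical server-side store: key digest -> record. No plaintext is kept,
# which is why a lost key can only be replaced, never displayed again.
KEY_STORE = {}


def _digest(key: str) -> str:
    # A fast hash is acceptable here because the key is long and random.
    return hashlib.sha256(key.encode("utf-8")).hexdigest()


def issue_key(org_id: str, level: str) -> str:
    """Create a key, store only its digest, return the plaintext once."""
    key = "yr_live_" + secrets.token_urlsafe(32)
    KEY_STORE[_digest(key)] = {"org": org_id, "level": level, "revoked": False}
    return key


def revoke_key(key: str) -> None:
    """Mark a key as revoked; the next request that uses it is rejected."""
    KEY_STORE[_digest(key)]["revoked"] = True


def authorize(header: Optional[str], required: str) -> Tuple[int, Optional[str]]:
    """Return (HTTP status, organization id) for an Authorization header value."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return 401, None          # missing header or wrong scheme
    record = KEY_STORE.get(_digest(token.strip()))
    if record is None or record["revoked"]:
        return 401, None          # unknown or revoked key
    if LEVELS[record["level"]] < LEVELS[required]:
        return 403, record["org"]  # valid key, insufficient permission
    return 200, record["org"]
```
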

Rotation and revocation

Best practice: rotate keys at least once a year or whenever the staff managing them changes. Revocation is immediate: as soon as you click "revoke", the key stops working. Always create a new key before revoking the old one, to avoid service interruption.

Never put keys in the client

API keys must not appear in public JavaScript code, compiled mobile apps, or public git repositories. They live only server-side. If you suspect compromise: revoke immediately and investigate.
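One way to check a code base for the exposure described above before it is published, as an added example that is not part of the yourang.ai documentation. The key pattern is an assumption built from the `yr_live_` prefix in this page's example; the file paths and key values in `SAMPLE` are constructed.

```python
import re
from pathlib import PurePosixPath

# Assumed key shape: the "yr_live_" prefix from this page's example followed by
# URL-safe characters. The real length and alphabet are not documented here.
KEY_RE = re.compile(r"\byr_live_[A-Za-z0-9_\-]{6,}")

# File types that are shipped to browsers or compiled into app bundles.
CLIENT_SUFFIXES = {".js", ".jsx", ".ts", ".tsx", ".html", ".vue", ".swift", ".kt"}


def redact(key: str) -> str:
    """Keep only enough of the key to identify which one to revoke."""
    return key[:12] + "..."


def scan(files: dict) -> list:
    """Return one finding per key-shaped string in a {path: text} mapping."""
    findings = []
    for path, text in files.items():
        client_side = PurePosixPath(path).suffix in CLIENT_SUFFIXES
        for lineno, line in enumerate(text.splitlines(), start=1):
            for match in KEY_RE.finditer(line):
                findings.append({
                    "path": path,
                    "line": lineno,
                    "key": redact(match.group()),
                    # Client code reaches every visitor; other files are
                    # still a leak once the repository is shared.
                    "severity": "critical" if client_side else "high",
                })
    return findings


# Constructed sample tree: a key in browser code, a key in a committed .env
# file, and a server file that reads the key from the environment (no finding).
SAMPLE = {
    "web/src/api.js": 'const KEY = "yr_live_8fK2mQ9xT1aa";\n'
                      "fetch(url, {headers: {Authorization: `Bearer ${KEY}`}});",
    "deploy/.env": "YR_API_KEY=yr_live_Zp4Lw7Rn0cVb\n",
    "server/client.py": 'import os\nKEY = os.environ["YR_API_KEY"]\n',
}
```

Any key that `scan` reports should be treated as compromised: create a replacement, revoke the reported one, then remove it from the file and from history.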