V
Voxtar DevelopersAPI Reference / v1
Introductionv1

Authentication

Voxtar authenticates every request with a secret API key sent as a Bearer token. Keys are scoped to a single workspace and carry that workspace's data-residency and retention settings.

API keys

Create and rotate keys in the dashboard under Developers → API Keys. Treat a key like a password: it can read patients and submit audio for analysis. Never ship it in client-side code, a mobile bundle, or a public repo — all requests must originate from your server.

Making an authenticated request

Pass the key in the Authorization header:

curl https://api.voxtar.hallelx2.com/v1/patients \
-H "Authorization: Bearer $VOXTAR_API_KEY"

The SDKs read VOXTAR_API_KEY from the environment automatically:

import { Voxtar } from "voxtar";
const voxtar = new Voxtar({ apiKey: process.env.VOXTAR_API_KEY });

Errors

A missing or invalid key returns 401 Unauthorized; a valid key without access to the requested resource returns 403 Forbidden. Error bodies follow a stable shape:

{
"error": {
"type": "invalid_api_key",
"message": "No API key provided. Set an Authorization: Bearer header."
}
}

Handling PHI

Voxtar is built so you never have to send protected health information. Identify patients with your own pseudonymous external_id; audio is analyzed in memory and discarded, and only derived acoustic features are stored. Configure retention and regional processing per workspace in the dashboard.