WebRTC Token Generation — Create Authentication Token
Generate a bearer token for authenticating subsequent Exotel WebRTC SDK and IP-PSTN API calls. Tokens are valid for 90 days and required for every WebRTC integration call.
This is the token generation endpoint that you call with your Client ID (CustomerID or AppID) and Client Secret (CustomerSecret or AppSecret) to obtain the bearer token used in all subsequent WebRTC API calls.
Endpoint
WebRTC integrations APIs are served from a dedicated integrationscore host — this is separate from the standard Voice / SMS API host (api.exotel.com Singapore / api.in.exotel.com Mumbai). Use the WebRTC-specific endpoint below regardless of which Voice/SMS region you use.
POST https://integrationscore.mum1.exotel.com/v2/integrations/token
If your Exotel account is provisioned in the Singapore region and you usually call api.exotel.com for Voice and SMS APIs, the WebRTC token generation endpoint is not on api.exotel.com — it lives on the dedicated integrationscore host shown above. Your Singapore Client ID / Client Secret will work against this URL. If you have been issued a region-specific WebRTC host, use that; otherwise reach out to your Exotel account manager for the right base URL for your account.
Headers
| Header | Value |
|---|---|
Content-Type | application/json |
Request Parameters
| Parameter | Required | Type | Description |
|---|---|---|---|
Id | Yes | String | Entity identifier -- CustomerID or AppID |
Secret | Yes | String | Entity credential -- CustomerSecret or AppSecret |
Entity | Yes | String | "customer" or "app". Determines which entity type is authenticating. |
Code Examples
- cURL
- Node.js
- Python
- PHP
curl --location --request POST 'https://integrationscore.mum1.exotel.com/v2/integrations/token' \
--header 'Content-Type: application/json' \
--data-raw '{
"Id": "99fa98a1-2ce0-457c-9371-0d3a01eb6ef0",
"Secret": "5b8215f7-8595-42c0-9b63-404bcc474f94",
"Entity": "customer"
}'
const url = 'https://integrationscore.mum1.exotel.com/v2/integrations/token';
const response = await fetch(url, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
Id: '99fa98a1-2ce0-457c-9371-0d3a01eb6ef0',
Secret: '5b8215f7-8595-42c0-9b63-404bcc474f94',
Entity: 'customer',
}),
});
const data = await response.json();
console.log(data);
import requests
import json
url = "https://integrationscore.mum1.exotel.com/v2/integrations/token"
payload = json.dumps({
"Id": "99fa98a1-2ce0-457c-9371-0d3a01eb6ef0",
"Secret": "5b8215f7-8595-42c0-9b63-404bcc474f94",
"Entity": "customer"
})
headers = {
'Content-Type': 'application/json'
}
response = requests.post(url, headers=headers, data=payload)
print(response.json())
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://integrationscore.mum1.exotel.com/v2/integrations/token',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS => json_encode(array(
'Id' => '99fa98a1-2ce0-457c-9371-0d3a01eb6ef0',
'Secret' => '5b8215f7-8595-42c0-9b63-404bcc474f94',
'Entity' => 'customer'
)),
CURLOPT_HTTPHEADER => array(
'Content-Type: application/json'
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
?>
Response
{
"RequestId": "f4f76061-3c01-410e-be49-55a17049cf35",
"Status": "Success",
"Code": 200,
"Error": "",
"Data": "OTlmYTk4YTEtMmNlMC00NTdjLTkzNzEtMGQzYTAxZWI2ZWYw"
}
Response Fields
| Field | Type | Description |
|---|---|---|
RequestId | String | Unique request identifier |
Status | String | "Success" or "Failed" |
Code | Integer | HTTP status code |
Error | String | Error message (empty on success) |
Data | String | The bearer token to use in Authorization header for subsequent requests |
HTTP Status Codes
| Code | Description |
|---|---|
200 | Token generated successfully |
400 | Invalid input parameters |
401 | Invalid credentials |
500 | Server error |
- Use
Entity: "customer"to get a customer-level token for managing applications - Use
Entity: "app"to get an app-level token for managing users, settings, and making calls - Tokens expire after 90 days