Mint a bounded client token
Issues a short-lived, downscoped token (rdc_…) that is safe to ship into an untrusted client app. The token is restricted to the from_numbers (caller IDs) and to_numbers (destinations) you specify, so it can only place calls within those bounds — never from any number to any number. Present it on the same Authorization: Bearer header in place of your API key; the WebRTC SDK accepts it directly. The token’s bounds must fall within this key’s own number allowlist and its scopes; it is stateless and revoked by expiry. This endpoint requires a real API key — a minted token cannot mint further tokens.
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Headers
UUID — when present, deduplicates repeat submissions. See /api-reference/idempotency.
Body
1 - 50 elements^\+[1-9]\d{1,14}$200^\+[1-9]\d{1,14}$account:read, voice:read, voice:write, voice:webrtc, calls:read, calls:write, agents:read, agents:write, phone_numbers:read, phone_numbers:write, sms:read, sms:write, caller_trust:read, caller_trust:write, brand:read, brand:write, sub_entities:read, sub_entities:write, usage:read, tokens:mint 60 <= x <= 3600Response
Success