Getting started

From zero to first API call in about ten minutes.

1. Generate an API key

Sign in to the dashboard as an organization admin and navigate to Settings → API Keys. Click Generate New Key, give it a descriptive name (e.g. "Zapier sync", "Analytics ETL"), and choose a scope:

read — lists, gets. Use this for reporting, analytics, and anything that only needs to observe.
write — everything read can do, plus creates, updates, deletes. Use only when your automation needs to modify data.

The plaintext key is shown once at creation. Copy it immediately — after closing the modal, only a short prefix remains visible in the dashboard for identification.

Treat the key like a password. Anyone with it can call the API on your org's behalf within the key's scope. Don't commit it to source control, don't paste it into chat, and rotate it (generate new, revoke old) on any suspicion of exposure.

2. Make your first request

Every endpoint lives under /v1/. Authenticate by sending your key in the Authorization header as a bearer token:

curl https://api.allisonvoice.com/v1/me \
  -H "Authorization: Bearer av_live_YOUR_KEY_HERE"

You should get back a response like:

{
  "data": {
    "org_id": "0e6b01ee-f0ea-44d7-bb66-9c755b1e593f",
    "org_name": "Your Organization",
    "key_id": "9768a69d-d645-412e-bcc2-8edf5be02475",
    "key_name": "Zapier sync",
    "key_prefix": "av_live_sphk",
    "scopes": ["read"]
  }
}

If you see {"error":"unauthorized"} instead, the key is malformed, revoked, or was never valid. Check the authentication guide for a malformation checklist.

3. Explore the resources

Most of the dashboard's data is exposed as REST resources. A few highlights to try next:

GET /v1/locations

All locations for your org. Good for confirming isolation — you should only see your own.

GET /v1/facts

Knowledge base facts Allison uses during calls. Create, update, or delete here and the agent picks up the change within seconds.

GET /v1/calls?limit=10

Call history with summaries. Get a single call by id for the full transcript and scoring rationales.

GET /v1/contacts?search=smith

Caller contacts with name/phone/email search. The lite CRM under the hood.

Full endpoint reference with request and response shapes lives in the API Reference.

4. Wire it into automation

The API is designed to be consumed by any HTTP client. Common integration paths:

Zapier — use "Webhooks by Zapier → Custom Request" with your API key in the Authorization header. Every Allison endpoint is reachable this way. No native Zapier app required.
Make / n8n / Pabbly — identical pattern. HTTP Request module with bearer auth.
Custom scripts — any language with an HTTP client. Keep keys in environment variables, never hard-coded.
Outbound webhooks — Allison POSTs events to URLs you configure when calls end, callbacks are requested, appointments are booked, etc. Combine with the read API for two-way sync with your CRM. See the webhooks guide.

Next steps

Authentication — key format, scopes, rotation, and best practices
Rate limits — limits per scope, Retry-After behavior, recommended backoff
Errors — uniform error shape and how to handle each status code
API Reference — every endpoint, request body, response shape, and try-it-out console