Skip to main content

Audience

  • Workspace admins and developers integrating with Voqo APIs/webhooks

Prerequisites

  • Admin role with developer tools access
  • Target workspace selected
  • Secure secret storage available (never plain-text in client code)

Security requirements

  • Treat API keys and webhook secrets as credentials.
  • Store only in secure server-side secret managers or encrypted environments.
  • Rotate on schedule and immediately after suspected exposure.
  • Revoke unused credentials quickly.

Create credentials

API keys

  1. Open Developer Tools.
  2. Create a new API key with clear usage label.
  3. Copy and store key securely (it may not be shown again).

Webhook secrets

  1. Open webhook secret section in Developer Tools.
  2. Create a new secret for each webhook consumer environment.
  3. Store secret securely and configure signature verification.

Rotate credentials

  1. Create replacement key/secret first.
  2. Update all dependent systems.
  3. Validate authentication/signature checks.
  4. Revoke old credential.

Revoke credentials

  • Revoke immediately when:
    • integration no longer needed,
    • ownership changes,
    • key/secret exposure is suspected.

Troubleshooting

API requests returning unauthorized

  • Confirm correct key is used in Authorization header.
  • Confirm key is active and not revoked.
  • Confirm request is scoped to correct workspace.

Webhook verification failing

  • Confirm latest webhook secret is configured on receiver.
  • Validate signature algorithm and timestamp checks.
  • Ensure old secret was not left in production by mistake.
If unresolved, contact support@voqo.ai with workspace ID, key/secret label (not value), and timestamps.