OperationsCRM integration
CRM API keys
How external CRMs authenticate to trigger outbound calls.
Purpose
CRM API keys allow external systems to trigger outbound calls without an admin JWT.
Endpoint:
POST /api/v1/sip/dialout
X-API-Key: vx_...
Content-Type: application/jsonCreate a key
In Ori Console:
- Go to Dashboard → API Keys.
- Create a key for the CRM/integration.
- Copy the full key immediately.
- Store it in the CRM secret manager.
The full key is shown only once. After that only the masked prefix is visible.
Key format
Keys use:
vx_ + 32 random charactersOri API stores only a SHA-256 hash in MongoDB.
Expiry and active state
Each key is checked on every authenticated request:
| Control | Behavior |
|---|---|
Active toggle (is_active) | An inactive key is rejected at auth. Deactivate instead of deleting to keep an audit trail. |
Expiry (expires_at) | Optional. When set and in the past, the key is rejected. Leave unset for a non-expiring key. |
Set an expiry when handing a key to a short-lived integration or pilot. Deactivate (or let it expire) to revoke access without rotating other keys.
Dialout payload
CRM-friendly payload:
{
"bot_id": "bot-id-here",
"to_number": "+919999999999",
"variables": {
"CUSTOMERNAME": "Rajesh",
"due_amount": "50000"
}
}variables is an alias for connected_event. Do not send both in the same request.
Ops checks
- key is active
- bot exists and is active
- fleet has available capacity
- number is in correct format for carrier
- variables match bot prompt/policy fields