Publishable Keys
Publishable keys allow you to create frontend-safe calls without exposing a secret management key.
Overview
Publishable keys are strictly scoped:
- Write-only: They can create calls, but they cannot list history or manage tenant settings.
- Agent-scoped: Each key is tied to a specific Agent UUID.
- Channel-scoped: A key can allow
web,phone, or both. - Optional default caller ID: Phone-enabled keys can carry a
default_from_number.
Generate a Key
Generate a new publishable key for a specific agent.
http
POST /v1/keys/publishableParameters
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
agent_id | uuid | Yes | — | Agent this key is allowed to use |
label | string | Yes | — | Human-readable label, max 100 chars |
allowed_channels | string[] | No | ["web"] | Allowed channels. Values: web, phone |
audience | string | No | sdk | Values: sdk or landing_demo |
default_from_number | string | No | null | Caller ID for phone-enabled publishable calls |
Request
bash
curl -X POST https://api.rymi.live/v1/keys/publishable \
-H "Authorization: Bearer $RYMI_SECRET_KEY" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "550e8400-...",
"label": "Production Landing Page",
"allowed_channels": ["web", "phone"],
"audience": "landing_demo",
"default_from_number": "+15557654321"
}'Response 201
json
{
"key": "sb_publishable_deadbeef...",
"agent_id": "550e8400-...",
"label": "Production Landing Page",
"allowed_channels": ["web", "phone"],
"audience": "landing_demo",
"default_from_number": "+15557654321"
}IMPORTANT
The plaintext key is only returned once. Store it securely in your frontend environment variables.
List Keys
Retrieve all active publishable keys for your account.
http
GET /v1/keys/publishableResponse 200
json
{
"keys": [
{
"id": "...",
"key_prefix": "sb_publishable_deadbeef...",
"agent_id": "...",
"label": "Production Landing Page",
"allowed_channels": ["web"],
"audience": "sdk",
"default_from_number": null,
"created_at": "2026-03-15T..."
}
]
}Revoke a Key
Instantly invalidate a publishable key.
http
DELETE /v1/keys/publishable/:idPath Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
id | uuid | Yes | Publishable key ID from GET /v1/keys/publishable |
Response 200
json
{
"success": true
}Using Publishable Keys With Calls
- Use the key as
Authorization: Bearer sb_publishable_.... - Legacy
rymi_pk_...publishable keys remain valid, but newly generated keys usesb_publishable_.... - For WebRTC calls, call
POST /v1/callswith awebrtcparticipant. - For PSTN calls, the key must include
phoneinallowed_channels. - Publishable phone calls can only target a single PSTN participant and are typically paired with
default_from_number. - Publishable keys cannot list history, manage agents, manage numbers, create other keys, or fetch recordings.