Environments
Use separate API keys and SIP credentials per environment:- Development
- Staging
- Production
Authentication strategy
For public integrations:- Use secret key calls from your backend for API access.
- Mint short-lived realtime
session_tokenvalues for browser sockets.
Realtime reliability
- Reconnect sockets on disconnects.
- Rejoin
eventschannel after reconnect. - Re-mint ephemeral
session_tokenvalues before expiry. - Keep an initial call snapshot and merge realtime deltas.
- Keep periodic refresh paths for resiliency.
Telephony safety controls
- End calls explicitly with
endCall. - SIP access revocation happens automatically when agents leave or calls end.
- Log all call-control failures and show operator-visible errors.
Monitoring
Track these metrics:- Outbound call start success rate.
- Time to answer.
- Call completion/error rate.
- Realtime socket disconnect/reconnect rate.
- Realtime session token mint failures.
- SIP credential issuance and revocation failures.
Troubleshooting
Realtime events are missing
Realtime events are missing
Verify your backend mints
POST /api/realtime/session successfully and the browser connects with socketOptions.params.session_token before joining events.Realtime session endpoint returns auth errors
Realtime session endpoint returns auth errors
Confirm the request includes
x-api-key with a secret key. Publishable keys cannot mint realtime session tokens.RPC calls return auth errors
RPC calls return auth errors
Confirm RPC calls run from your backend with the secret key and that browser clients do not call privileged endpoints directly.
Call controls fail intermittently
Call controls fail intermittently
Add retries for transient network errors and keep call-end operations idempotent on the client side.
Related pages
- Quickstart:
/quickstart - Getting started (classic):
/guides/getting-started-classic - Realtime session tokens:
/guides/realtime-session-tokens - RPC action reference:
/sdk-js/rpc-actions