Security API
Centralized token generation, validation, and security management for the VoiceStamp platform.
Centralized Security System
VoiceStamp uses a centralized token generation system that provides different security levels based on use case. All tokens are cryptographically secure and tracked for audit purposes.
Token Types
64-bit Tokens
Use Case: Short-lived codes for email/SMS verification
Example: 123456
Expiration: 5-15 minutes
Security Level: Medium
128-bit Tokens
Use Case: User authentication sessions
Example: us_a1b2c3d4e5f6789...
Expiration: 30 days
Security Level: High
256-bit Tokens
Use Case: Application API keys for service integration
Example: ak_f7e8d9c0b1a2345...
Expiration: 1 year
Security Level: Very High
512-bit Tokens
Use Case: Infrastructure-level access for system operations
Example: inf_9876543210abcde...
Expiration: No expiration
Security Level: Maximum
API Endpoints
POST /api/v1/security/token
Generate Security Token
Generate tokens for different security levels and use cases.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| use_case | string | Required | Token purpose: "temporary_code", "user_session", "api_key", or "infrastructure" |
| expires_in | integer | Optional | Token expiration in seconds (optional) |
POST /api/v1/security/validate
Validate Token
Validate any security token and get its details.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| token | string | Required | Token to validate |
POST /api/v1/security/revoke
Revoke Token
Revoke a specific token or all tokens for a user.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| token | string | Optional | Specific token to revoke (optional) |
| revoke_all | boolean | Optional | Revoke all user tokens (optional) |
GET /api/v1/security/audit
Security Audit Log
Get security events and access logs for the authenticated user.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
| limit | integer | Optional | Number of events to return (default: 50) |
| offset | integer | Optional | Pagination offset (default: 0) |
Security Best Practices
Token Storage
- Store tokens securely using browser localStorage or secure server storage
- Never log tokens in application logs or debugging output
- Use HTTPS for all API calls to protect tokens in transit
- Implement token rotation for long-lived applications
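One way to enforce the "never log tokens" rule above, as an added example that is not part of the VoiceStamp documentation or any VoiceStamp SDK: a Python logging filter that redacts values carrying the `us_`, `ak_` and `inf_` prefixes shown on this page, plus any `Bearer` header value. The 16-character minimum length, the logger name and the sample log lines are assumptions constructed for the example.

```python
import logging
import re

# Prefixes come from the token examples on this page: us_ (user session),
# ak_ (API key), inf_ (infrastructure). Requiring 16+ characters after the
# prefix is an assumption, chosen so ordinary identifiers are not matched.
TOKEN_RE = re.compile(r"\b(us|ak|inf)_[0-9A-Za-z]{16,}\b")
# Any credential that follows "Bearer" in a logged Authorization header.
BEARER_RE = re.compile(r"(?i)\b(bearer)\s+[A-Za-z0-9._~+/=-]+")


def redact(text):
    """Replace token-like substrings; prefixed tokens keep their type prefix."""
    text = BEARER_RE.sub(r"\1 [REDACTED]", text)
    return TOKEN_RE.sub(lambda m: m.group(1) + "_[REDACTED]", text)


class TokenRedactingFilter(logging.Filter):
    """Scrub tokens from the fully formatted message before it is emitted."""
    def filter(self, record):
        # getMessage() applies %-style args, so tokens passed as args are caught.
        record.msg = redact(record.getMessage())
        record.args = None
        return True


def demo():
    """Send constructed log lines through the filter and return the output."""
    captured = []

    class ListHandler(logging.Handler):
        def emit(self, record):
            captured.append(self.format(record))

    handler = ListHandler()
    handler.addFilter(TokenRedactingFilter())  # every record it emits is filtered
    log = logging.getLogger("voicestamp.example")  # hypothetical logger name
    log.handlers = [handler]
    log.setLevel(logging.INFO)
    log.propagate = False
    # Constructed messages reusing the sample token values from this page.
    log.info("validate ok for %s", "us_a1b2c3d4e5f6789012345678901234")
    log.info("Authorization: Bearer ak_f7e8d9c0b1a234567890abcdef123456")
    log.info("user_id=uuid-here status=200")
    return captured


if __name__ == "__main__":
    print("\n".join(demo()))
```

The numeric temporary codes have no prefix and are not matched by this filter, and text rendered from exception tracebacks is not rewritten by it.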
Token Expiration
- Monitor token expiration and refresh tokens before they expire
- Handle 401 responses gracefully by clearing expired tokens
- Use shorter expiration times for sensitive operations
- Implement automatic token refresh for user sessions
Security Violations
- Never share API tokens between different applications or users
- Revoke tokens immediately if compromise is suspected
- Monitor security audit logs for unusual activity
- Use infrastructure tokens only for system-level operations
Code Examples
Generate API Key
POST /api/v1/security/token
Authorization: Bearer YOUR_TOKEN

{
  "use_case": "api_key",
  "expires_in": 31536000
}

Response:
{
  "success": true,
  "data": {
    "token": "ak_f7e8d9c0b1a234567890abcdef123456",
    "type": "api_key",
    "expires_at": "2026-01-15T10:30:00Z",
    "created_at": "2025-01-15T10:30:00Z"
  }
}
Validate Token
POST /api/v1/security/validate
Authorization: Bearer YOUR_TOKEN

{
  "token": "us_a1b2c3d4e5f6789012345678901234"
}

Response:
{
  "success": true,
  "data": {
    "valid": true,
    "type": "user_session",
    "expires_at": "2025-02-14T10:30:00Z",
    "user_id": "uuid-here",
    "permissions": ["read", "write"]
  }
}