Mint a Retell access token for a new web call

POST

/v1/voice-tokens

Resolves the widget’s per-tenant Retell credentials from Supabase, verifies the request Origin is in widgets.allowed_origins, then calls Retell’s /v2/create-web-call and returns a single-use access token + session token to the widget. After this hop the Powsoo backend is no longer in the audio path — the widget talks to Retell directly. Returns 404 (widget_unavailable) for any unresolvable case (widget missing, origin mismatch, voice platform unset, decrypt failure) to avoid leaking which step failed.

Request Body

object

widgetId

required

string

/^wid_[A-Za-z0-9]+$/

Responses

200

Token minted successfully

object

platform

required

string

Allowed values: retell

accessToken

required

string

>= 1 characters

callId

required

string

>= 1 characters

expiresAt

required

string format: date-time

sessionToken

required

string

>= 1 characters

400

Invalid request body

object

ok

required

boolean

error

required

object

code

required

string

>= 1 characters

message

required

string

>= 1 characters

requestId

string

>= 1 characters

402

Plan hard cap exceeded — upgrade required

object

ok

required

boolean

error

required

object

code

required

string

>= 1 characters

message

required

string

>= 1 characters

requestId

string

>= 1 characters

404

Widget not found, origin not allowed, or voice platform not configured

object

ok

required

boolean

error

required

object

code

required

string

>= 1 characters

message

required

string

>= 1 characters

requestId

string

>= 1 characters

502

Retell upstream error

object

ok

required

boolean

error

required

object

code

required

string

>= 1 characters

message

required

string

>= 1 characters

requestId

string

>= 1 characters