Is there any way to ensure that the api call is from Vapi or have Vapi pass an auth bearer token for server events or tool calls?

@msu Yes, you can ensure that the API call is from Vapi by using the

serverUrlSecret

that Vapi will send with every request to your server. This secret will be sent as a header called

x-vapi-secret

. You can set this secret in your Vapi settings, and then verify this secret on your server to authenticate the requests. For bearer token authentication, you can use the

Authorization

header. Vapi can pass an auth bearer token in the

Authorization

header when making requests to your server. You'll need to configure the bearer token in your Vapi settings, and then your server can validate this token to authenticate the requests. Would you like to know how to set these up or have any other questions regarding authentication?

yes where in vapi do i set these?

@msu Sweet. Have a great day!