Hi, I'm trying to understand how to configure origin restriction for web calls and it seems that it's not working now. For testing purposes I have specifically created a public key with origin pointing to non-existent address https://disabled.ai Then I use this key to start a web call via https://api.vapi.ai/call/web on my staging and the call is created and working. Can anyone help to configure this restriction properly? The example of call id is c7c3f667-3ee9-4662-83a5-5c58a7d7aead The orgId is bcf07653-c509-4e14-80c4-842b247509a9 Key name is "Disabled Origin"

Looking into it

Hey @vpd we don't support generating JWT tokens with public keys. Instead, you should create public-scoped JWT tokens using your private key.

@Shubham Bajaj @Kings_big💫 Hi, I don't quite understand how JWT is related to my issue of restricting the API key origin. I generate API key via https://dashboard.vapi.ai/org/api-keys. Could you elaborate please or point to some example that will allow me to get working origin-restricted API key for my web-client?

Hey VPD, let me check this and get back to you with proper documentation and steps on how to get this done. Apologies, but I'll take a day. I'm having a headache right now, so might not be looking into this immediately.

Ok, thanks for confirming! If there is any workaround for it I would love to know/use.

Let me check if what can be resolved using Private API Key signed JWT Tokens.