dialnote has a public API so you can read your call data from your own apps, scripts, or an AI assistant. You create a scoped key, send it as a bearer token, and pull contacts, conversations, call logs, and more. If you'd rather push events out of dialnote instead of pulling them in, look at Webhooks or Zapier for the write-side automation.
This guide covers three things: creating API keys, the read-only key option, and connecting an AI assistant over MCP.
Creating an API Key#
Go to Settings → API Keys and click Create API Key. Give the key a name you'll recognize later (e.g. "Reporting script" or "Claude Desktop"), then create it.
The full key is shown once, at creation. It starts with dn_live_. Copy it and store it somewhere safe—a password manager or your app's secrets store. dialnote can't show it to you again, so if you lose it you'll have to create a new one.
A few things worth knowing:
- Keys are org-scoped — a key works for your whole organization, not a single user.
- You can have up to 25 active keys per org.
- You can revoke any key anytime from the same screen. A revoked key stops working right away.
Authenticating#
Send the key as a bearer token on every request to the public API:
curl https://api.dialnote.com/v1/contacts \ -H "Authorization: Bearer dn_live_your_key_here"
That's it—no other setup. The API returns JSON.
Treat keys like passwords
Anyone with a full-access key can act as your org through the API, including placing calls and sending messages. Don't commit keys to git, paste them into chats, or hand them to software you don't trust. If a key leaks, revoke it.
Read-Only Keys#
When you create a key, you can turn on the Read-only key toggle in the Create API Key modal. A read-only key can read your data but can't change anything.
Reads work as normal—listing and fetching contacts, conversations, call logs, messages, recordings, and notes all return 200. Writes are blocked. Anything that would create, update, delete, or send returns:
HTTP 403
{ "error": "INSUFFICIENT_PERMISSIONS" }
So POST /messages, POST /contacts, PATCH /contacts/:id, and DELETE /contacts/:id all get a 403 on a read-only key. Only a full-access key can run those.
Once created, a read-only key shows a Read-only badge—both on the created-key screen and in the key list—so you can tell at a glance which keys are scoped.
When to use read-only#
Reach for a read-only key any time a key leaves your own trusted code—third-party software, a partner's app, or an AI agent. It caps the blast radius if the key ever leaks. A leaked full-access key could place calls or send messages on your dime; a leaked read-only key can only read. For anything that just needs to look at your data, read-only is the safer default.
What a read-only key can access#
| Resource | Read | Notes |
|---|---|---|
| Contacts | ✓ | List and get |
| Conversations | ✓ | List and get |
| Call Logs | ✓ | Duration, direction, status |
| Conversation Notes | ✓ | Notes on a conversation |
| Contact Notes | ✓ | Notes on a contact |
| Messages | ✓ | Message history (sending is a write) |
| Recordings | ✓ | Recording URL and metadata |
Connect an AI Assistant over MCP#
Early access
The dialnote MCP server is early access and isn't publicly available yet. The setup below shows how it works so you can plan for it. Read-only key support is live and safe to use today with the regular API.
MCP (Model Context Protocol) is a standard way for AI assistants to call your tools and data. Instead of copying call notes into a chat by hand, the assistant connects to dialnote directly and reads what it needs, when it needs it.
The model is simple: the assistant connects to the dialnote MCP server using a read-only dn_live_ key. From there it can read your contacts, conversations, call logs, and the rest of the resources above—on request, during a conversation. Because the key is read-only, writes stay blocked. The assistant can't send a message or delete a contact even if asked; those attempts come back as 403 INSUFFICIENT_PERMISSIONS.
This works with any MCP client—Claude Desktop, Cursor, Retell voice agents, or a custom app. Point the client at the dialnote MCP server and pass your read-only key as an environment variable:
{
"mcpServers": {
"dialnote": {
"command": "npx",
"args": ["-y", "@dialnote/mcp-server"],
"env": {
"DIALNOTE_API_KEY": "dn_live_your_read_only_key_here"
}
}
}
}
Use a read-only key here
Always hand an AI assistant a read-only key. The assistant reads your data on your behalf, and read-only keeps it from making changes—so a stray prompt or a compromised client can't place calls or send messages.
What to expect#
- Read-only today — the assistant can read contacts, conversations, call logs, notes, messages, and recording metadata.
- Writes are a later step — write tools (like sending a message) would need a full-access key and will be a separate, confirmation-gated feature. They aren't part of the read-only MCP setup.
Next Steps#
- Set up webhooks to push call events out to your systems
- Connect Zapier for no-code automation across 5,000+ apps
- Browse all integrations