Configuration

Configuration variables

Reference of variables that control SIVO behavior per tenant — JWT, recording storage, STT/LLM/TTS providers, integrations.

Updated: May 19, 2026

configurationenvsecrets

Where to configure

Almost everything is configured from the UI:

Here we document the backend keys reflecting those values, useful if you manage SIVO via API or export configuration.

Key	Type	Default	Description
`tenant.slug`	string	(generated)	URL-safe tenant identifier (`acme`, `globex`). Used in SIP/dashboard subdomains.
`tenant.sip_domain`	string	`<slug>.sip.sivocenter.com`	Own SIP domain. Extension registrations go against this.
`tenant.dashboard_url`	string	`<slug>.app.sivocenter.com`	Backoffice URL.
`tenant.default_locale`	enum	`es`	`es \| en \| de \| fr \| it \| pt`.
`tenant.timezone`	IANA	`Europe/Madrid`	For schedule evaluation and CDR.

Key	Type	Default	Description
`auth.jwt_ttl_sec`	int	`86400`	JWT lifetime (24h).
`auth.refresh_ttl_sec`	int	`2592000`	Refresh token lifetime (30 days).
`auth.password_min_length`	int	`8`	Min password length.
`auth.login_max_attempts`	int	`5`	Temp lockout after N failures in 15 min.
`auth.mfa_required_roles`	array	`['admin','superadmin']`	Roles with mandatory MFA.

Key	Type	Default	Description
`recording.default_format`	enum	`wav`	`wav \| mp3 \| ogg`.
`recording.default_retention_days`	int	(per plan)	30 (Starter) / 180 (Pro) / config (Enterprise).
`recording.default_provider_id`	uuid	(managed)	Default provider (SIVO managed).
`recording.kms_enabled`	bool	`true`	Server-side encryption mandatory in buckets.

Key	Type	Default	Description
`transcription.engine`	enum	`deepgram`	`deepgram \| elevenlabs_scribe_v2_realtime \| whisper`.
`transcription.language`	ISO 639-1	`es`	Default expected language. Per-DID override.
`transcription.speaker_separation`	bool	`true`	If enabled, caller+agent captured in separate forks.
`transcription.policy_retention_days`	int	`90`	Retention sealed at record creation.
`transcription.push_to_sf`	bool	`false`	Enable push to Salesforce SCRT2 (requires integration).

Key	Type	Default	Description
`ai.stt_provider`	string	`deepgram`	STT provider.
`ai.stt_model`	string	`nova-2`	Specific model.
`ai.llm_base_url`	url	`https://api.groq.com/openai/v1`	OpenAI-compatible endpoint.
`ai.llm_model`	string	`llama-3.1-70b-versatile`	LLM model.
`ai.tts_provider`	string	`elevenlabs`	TTS provider.
`ai.tts_model`	string	`eleven_multilingual_v2`	`_v2` (no audio tags) or `_v3` (with audio tags).
`ai.tts_voice_id`	string	(per language)	Default voice.
`ai.max_turns`	int	`20`	Safety turn cutoff.
`ai.max_duration_sec`	int	`600`	Timeout cutoff.
`ai.barge_in_cooldown_ms`	int	`300`	Anti-echo cooldown after playback.
`ai.speech_min_ms`	int	`400`	VAD min ms to count as utterance.

Key	Type	Default	Description
`sf.connected_orgs`	array	`[]`	Connected SF orgs. Multi-org supported.
`sf.jwt_keypair_id`	string	`global`	Shared global RS256, or per-org keypair ID.
`sf.scrt_base_url`	url	(auto)	SCRT2 endpoint (auto-discovered via OAuth).
`sf.user_mappings`	array	`[]`	PBX user ↔ SF user mappings (auto-import + manual).
`sf.push_transcripts`	bool	`false`	Enable transcript push to Conversation/ConversationEntry.
`sf.message_provider_name`	string	`calltree`	`Telephony-Provider-Name` header. DO NOT CHANGE without SF admin coordination.

Key	Type	Default	Description
`webhooks.signing_secret`	string	(generated)	HMAC SHA-256 secret per endpoint.
`webhooks.retry_max_attempts`	int	`6`	Exponential backoff retries: 5s, 30s, 2m, 10m, 1h, 6h.
`webhooks.timeout_ms`	int	`10000`	Per-request timeout.
`webhooks.dlq_retention_days`	int	`30`	Days the event remains in queryable DLQ.

Configured per endpoint, not per tenant. Applied values:

For custom limits (Enterprise), contact support.

curl -H "Authorization: Bearer $TOKEN" \
  https://api.sivocenter.com/api/config | jq

Only returns keys your role can see. Some (secrets, JWT keys) are redacted — to view them log into the dashboard as admin.

→ For key rotation details, see JWT key rotation.