Voyager uses a two-layer authentication model: API keys identify the tenant, and the X-User-Id header selects which LinkedIn account to use within that tenant. Single-user tenants can omit the X-User-Id header and Voyager defaults to the only user.
Every Voyager response is wrapped in { success, statusCode, message, data, errors }. Access endpoint payloads as res.data.<field>. See Introduction.
Every request to Voyager must include:
Tenant API keys use the voy_ prefix and are scoped to a single tenant. A tenant can have multiple keys for different environments or team members.
Response:
The full API key is only shown once at creation time. Store it securely. Voyager stores a SHA-256 hash, so the key cannot be recovered.
Admin endpoints (/api/admin/*) use a different authentication scheme. The ADMIN_SECRET environment variable is set at server startup, and requests authenticate with:
Admin routes manage tenants, users, session overrides, and system diagnostics. They are not scoped to a specific tenant.
The easiest way to sync your LinkedIn session is the Voyager Chrome Extension. It:
li_at, JSESSIONID, and SalesNav cookies automaticallyPOST /api/sessionInstall the extension from chrome://extensions (developer mode) by loading the extension/ directory.
The extension captures both LinkedIn and SalesNav cookies. When li_a is detected, the export button shows ”(+ SalesNav)” to confirm SalesNav access will be synced.
POST /api/session with cookies and userAgentsessionValid: true/falsesession_expired webhookYou can re-sync cookies at any time without downtime. Voyager replaces stored cookies atomically and invalidates per-request caches (CSRF, mailbox URN) that depend on the old session. In-flight requests complete against the old cookies; the next request picks up the new ones.
session_expired webhooks so your agent can alert when re-authentication is neededADMIN_SECRET should be a strong random string (64+ hex characters)