Authentication

Endpoint Authentication

To be authorized in our API, every request to our systems needs to include 2 headers (Authorization and botId). The botId can be found in the URL of the bot’s page on Ultimate’s dashboard.

API Key

Our chat endpoints are protected by an API Key. API keys are in string form, and they are used to identify and authenticate an application or user. To authenticate all requests coming from the custom CRM, it needs to include its API Key under Authorization header. List of APIs that support this API Key:

To get the API Key please complete the How to set up a custom CRM in Dashboard. The API Key will be visible on the Overview page of the custom CRM in Ultimate’s dashboard.

It’s possible to change the API Key at any moment by using the buttons on the overview page. The keys should be changed on the regular basis to improve security.

Changing the key will instantly invalidate the previous one, there can only be one key that is active.

Security practices

Please do not share the API Key with other users or applications and don’t publish them in public code repositories. Please make sure to use a secure method for storing the environment variables, such as a secret management tool. Storing sensitive data like API keys in plaintext or in the codebase can be a security risk.