API Authentication
Secure your API requests using API keys.
API Keys
All API requests require authentication using an API key. Include your key in the request header:
HTTP Header
Authorization: Bearer YOUR_API_KEYGenerating API Keys
- Go to Settings → API Keys
- Click "Generate New Key"
- Give your key a descriptive name
- Copy and securely store your key
Keep Your Keys Secret
Never expose API keys in client-side code or public repositories. Use environment variables.
Example Request
cURL
curl -X GET "https://your-instance.elestio.app/api/v1/employees" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json"Authentication Errors
| Error Code | Description |
|---|---|
UNAUTHORIZED | Missing or invalid API key |
FORBIDDEN | API key lacks required permissions |
KEY_EXPIRED | API key has been revoked or expired |
Key Permissions
API keys can be scoped with specific permissions:
- Read - View employees and conversations
- Write - Create and update resources
- Delete - Remove resources
- Admin - Full access including settings