Authentication

Endpoint Authentication

Our system supports two types of authentication, depending on the endpoint and your set-up you will use one or the other.

  • Custom CRM API Key
  • Organization API Key

Custom CRM API Key

Our chat endpoints are protected by an API Key. API keys are in string form, and are used to identify and authenticate an application or user. All requests coming from your application need to include an API Key under Authorization header. You can find the list of APIs supporting this API Key below:

To get the API Key you have to complete the How to set up a custom CRM in dashboard. The API Key will be visible on the Overview page of your application in Ultimate’s dashboard.

It is possible to change the API Key at any moment by using the buttons on the overview page. Please note that the keys should be changed on a regular basis to ensure security.

Changing the key will instantly invalidate the previous one, there can only be one active key.

Organization API key

If you don’t have a Custom CRM set-up you can alternatively use the organization-wide general purpose API Key, you’ll need to add the organizationid header to your requests and here is how to set it up:

  1. Navigate to User Management -> Organization Management
  2. Open your Organization profile
  3. Navigate to API Key on the left menu
  4. Click on Generate and hit the save button
  5. Copy the key and keep it safe
Generate API Key
Generate API Key

Changing the key will instantly invalidate the previous one, there can only be one active key.

Security practices

Please do not share the API Key with other users or applications or publish them in public code repositories. Please make sure to use a secure method for storing the environment variables, such as a secret management tool. Storing sensitive data like API keys in plaintext or in the codebase can be a security risk.