Endpoint Authentication

Any request to our systems needs to include 2 headers (Authorization and botId). The botId can be found in the URL of the bot’s page on Ultimate’s dashboard.


Our chat endpoints are protected by an API Key. API keys are in string form, and are used to identify and authenticate an application or user. All requests coming from your application need to include an API Key under Authorization header. You can find the list of APIs supporting this API Key below:

To get the API Key you have to complete the How to set up a custom CRM in dashboard. The API Key will be visible on the Overview page of your application in Ultimate’s dashboard.

It is possible to change the API Key at any moment by using the buttons on the overview page. Please note that the keys should be changed on a regular basis to ensure security.

Changing the key will instantly invalidate the previous one, there can only be one active key.

Security practices

Please do not share the API Key with other users or applications or publish them in public code repositories. Please make sure to use a secure method for storing the environment variables, such as a secret management tool. Storing sensitive data like API keys in plaintext or in the codebase can be a security risk.