Authentication
The AI agents API supports two types of authentication, depending on the endpoint and your setup.
Custom CRM API key
Some endpoints require authentication using a custom CRM API key. This key is a secure string value that identifies and authenticates your integration. Each request to these APIs must include your API key in the Authorization header.
APIs that support Custom CRM API key authentication include:
To retrieve your API Key, follow the steps in How to set up a custom CRM in dashboard. Once configured, the API key will be visible on the Organization management page.
You can regenerate your API key from the overview page at any time. Regenerating the key will immediately invalidate the previous one, only the newest key remains active. For security reasons, we recommend rotating your API keys regularly.
Organization API key
If you haven't set up a Custom CRM integration, you can use an organization-wide API key. When using this key, include both the API key and the organizationid as HTTP headers in each request.
To generate an organization API key:
- In AI agents - Advanced, select Organization management > Organization management.
- Click API Key in the left-hand menu.
- Click Generate.
- Click Save.
- Copy your new API key and store it in a secure location.
Note: Regenerating your organization API key invalidates the previous key. Only one key is active at a time.
Security best practices
- Never share your API key with anyone outside your organization or publish it in public code repositories.
- Store API keys securely, such as in an environment variable or a secret management tool. Avoid saving credentials in plaintext or directly in your codebase.