API Authentication
Learn how to authenticate your API requests to WizChat.
Overview
All API requests require authentication using an API key.
Getting an API Key
- Go to "Settings" > "API"
- Click "Generate API Key"
- Give the key a name (e.g., "Production API")
- Select permissions
- Click "Create"
- Copy the key immediately
warning
API keys are shown only once. Store them securely.
Using Your API Key
Include the API key in the Authorization header:
curl -H "Authorization: Bearer YOUR_API_KEY" \
https://api.wizchat.com/v1/chatbots
Header Format
Authorization: Bearer YOUR_API_KEY
Key Permissions
When creating a key, choose permissions:
| Permission | Description |
|---|---|
| Read | View chatbots, queries |
| Write | Send messages, update settings |
| Admin | Full access including delete |
Read-Only Key
{
"name": "Analytics Integration",
"permissions": ["read"]
}
Full Access Key
{
"name": "Backend Service",
"permissions": ["read", "write", "admin"]
}
Key Management
Viewing Keys
- Go to "Settings" > "API"
- See all active keys
- View last used date
Revoking Keys
- Find the key in the list
- Click "Revoke"
- Confirm revocation
Revoked keys stop working immediately.
Rotating Keys
Best practice: rotate keys periodically.
- Create a new key
- Update your applications
- Revoke the old key
Security Best Practices
Do
- Store keys in environment variables
- Use different keys for different environments
- Rotate keys regularly
- Use minimum required permissions
- Monitor key usage
Don't
- Commit keys to version control
- Share keys via email or chat
- Use production keys in development
- Give more permissions than needed
Environment Variables
Store your API key in environment variables:
# .env file
WIZCHAT_API_KEY=your_api_key_here
// Access in code
const apiKey = process.env.WIZCHAT_API_KEY;
Error Responses
Invalid Key
{
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid API key"
}
}
Missing Key
{
"error": {
"code": "UNAUTHORIZED",
"message": "API key required"
}
}
Revoked Key
{
"error": {
"code": "UNAUTHORIZED",
"message": "API key has been revoked"
}
}
IP Restrictions
Optionally restrict keys to specific IPs:
- Go to "Settings" > "API"
- Click on a key
- Add allowed IP addresses
- Save