Authentication
We enforce HTTP-header-based API-key authentication on the endpoints that provide functionality.
Your API Key can be obtained after signing up for the service, and renewed/changed at any time.
Example:
Header | Value | Description |
---|---|---|
X-User-API-Key | my_api_key_value | Your API Key |
Test your API key
You can test your API key by making a request to the info
endpoint. If it succeeds, your programmatic connection to 2Chat is ready 😏.
curl --request GET 'https://api.p.2chat.io/open/info' \
--header 'X-User-API-Key: my_api_key_value'
CORS
For security reasons we enforce same-origin policy. Calling this API from a browser will result in CORS errors and will also leak your API key to anyone looking the HTML or Javascript code of your site.
For example, calling api.p.2chat.io/open/send-message
from a browser will fail, but calling that same endpoint indirectly using an endpoint that runs
in your servers like myapp.com/send-message
, will work.