Skip to main content

Authentication

We enforce HTTP-header-based API-key authentication on the endpoints that provide functionality.

Your API Key can be obtained after signing up for the service, and renewed/changed at any time.

Example:

HeaderValueDescription
X-User-API-Keymy_api_key_valueYour API Key

Test your API key

You can test your API key by making a request to the info endpoint. If it succeeds, your programmatic connection to 2Chat is ready 😏.

curl --request GET 'https://api.p.2chat.io/open/info' \
--header 'X-User-API-Key: my_api_key_value'

CORS

For security reasons we enforce same-origin policy. Calling this API from a browser will result in CORS errors and will also leak your API key to anyone looking the HTML or Javascript code of your site.

For example, calling api.p.2chat.io/open/send-message from a browser will fail, but calling that same endpoint indirectly using an endpoint that runs in your servers like myapp.com/send-message, will work.

Learn more about same-origin policy.