REST API Authentication

Authenticate your account when using the API by including your secret API key in the request. Your API keys carry many privileges, so be sure to keep them secret! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

The API key must be in the header of every request otherwise the request will fail.
The header name for the API key is apikey.

An example of request is shown below:

curl --request GET \
     --url \
     --header 'accept: application/json' \
     --header 'apikey: your API key'

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

If you need help feel free to contact us at [email protected].

SDK Authentication

To access Kaleyra SDK services (both Web and Mobile) an access token is required.

This operation is usually done in the context of user authentication so that the access token is returned to the client along with the user information. Alternatively, it can be retrieved at a later time. This is an implementation choice.

A back-end service needs to call the API Generate SDK Credentials passing the following payload and using the appropriate userId. The request must contain the REST API key in the header.

   "user_id": "user id",
   "expires_in": 3600
    "expires_at": "2022-01-10T11:41:19.000Z",
    "user_id": "user_xxx"


Access Token Expiration

A refresh policy for the token may be needed to ensure a smooth experience for the user.

The expires_in parameter represents the access token’s expiration time expressed in seconds. It must be chosen within a range between 360 (6 minutes) and 86400 (24 hours).