API Tokens
- What public API tokens are and when you need them
- How to create, view, and manage tokens
- Security best practices for handling tokens
Public API Tokens allow external applications, scripts, and services to authenticate with AutoTalk's API. You manage tokens from the Tokens de API page under Integrações in the sidebar.
When you need API tokens
You need an API token whenever an external system needs to communicate with AutoTalk programmatically. Common scenarios include:
- Connecting a CRM or helpdesk system that pushes or pulls data from AutoTalk
- Building a custom integration that sends messages or reads conversations through the API
- Setting up automation scripts that create contacts, update records, or trigger workflows
- Integrating platforms like Discord or Twitch that are not available as native channel types
Managing tokens
Viewing existing tokens
Navigate to Integrações > Tokens de API. The page displays a list titled Public API Tokens with all of your existing tokens. The list follows AutoTalk's standard CRUD format with options to filter, view, edit, and delete entries.
Creating a new token
- On the Public API Tokens page, click the Add new public_api_tokens button.
- Fill in the required fields, which may include a name or description to help you identify what the token is used for (for example, "CRM Integration" or "Reporting Script").
- Save the token.
- Copy the generated token value immediately. Depending on the security model, the full token may only be displayed once.
Editing or deleting a token
- Click on any token in the list to view its details and edit its settings.
- To revoke a token, delete it from the list. Any external system using that token will immediately lose access.
Using tokens in API requests
Include the token in the Authorization header of your HTTP requests when calling AutoTalk's API. The exact format depends on AutoTalk's API documentation, but typically looks like:
Authorization: Bearer YOUR_TOKEN_HERE
Security best practices
- Treat tokens like passwords. Never share them in public code repositories, chat messages, or emails.
- Use descriptive names. Label each token with the integration or system it belongs to, so you can identify it later.
- Revoke unused tokens. If an integration is retired or a token is no longer needed, delete it immediately.
- Rotate tokens periodically. Replace tokens on a regular schedule to reduce the risk if one is accidentally exposed.
- Limit token scope. If AutoTalk offers permission scopes for tokens, grant only the minimum permissions each integration requires.
If you suspect a token has been compromised, revoke it immediately by deleting it from the Public API Tokens list, then create a new one and update the affected integration.
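The header format and the "treat tokens like passwords" advice above can be combined in a small client helper. This is an added example, not code from AutoTalk: the environment variable name AUTOTALK_API_TOKEN and the URL are assumptions, and it uses the Bearer format shown on this page.

```python
import os
import urllib.request
from urllib.parse import urlsplit

TOKEN_ENV_VAR = "AUTOTALK_API_TOKEN"  # assumed name, not defined by AutoTalk
PLACEHOLDER = "YOUR_TOKEN_HERE"       # the documentation placeholder, never a real token


def load_token(env=os.environ):
    """Read the token from the environment instead of hard-coding it in source."""
    token = env.get(TOKEN_ENV_VAR, "").strip()
    if not token or token == PLACEHOLDER:
        raise RuntimeError(f"{TOKEN_ENV_VAR} is not set to a real token")
    # Embedded whitespace or control characters would corrupt the header line.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in token):
        raise RuntimeError("token contains whitespace or control characters")
    return token


def redact(token):
    """Form that is safe to log: at most the last four characters are kept."""
    return "****" + token[-4:] if len(token) > 8 else "****"


def build_request(url, token, method="GET"):
    """Attach the bearer token, refusing any URL that is not HTTPS."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    return urllib.request.Request(
        url, method=method, headers={"Authorization": f"Bearer {token}"}
    )


if __name__ == "__main__":
    # Placeholder URL: take the real base URL and path from AutoTalk's API docs.
    api_url = "https://api.example.invalid/placeholder-endpoint"
    try:
        tok = load_token()
    except RuntimeError as err:
        raise SystemExit(str(err))
    req = build_request(api_url, tok)
    # Log only the redacted form; the request is prepared here but not sent.
    print("prepared", req.get_method(), req.full_url, "with token", redact(tok))
```

Because the token lives only in the environment, rotating it means updating one variable on the host running the integration rather than editing and redeploying code.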
Next steps
- Webhooks — Configure outgoing event notifications
- Adding an integration — General channel setup walkthrough