API Authentication

Documentation Index

Fetch the complete documentation index at: https://docs.vobiz.ai/llms.txt

Use this file to discover all available pages before exploring further.

​

Authentication Method

​

Getting Your API Credentials

1. Log in to the Vobiz Console - Navigate to console.vobiz.com and sign in.
2. Navigate to API Settings - Go to Settings → API Keys in the left sidebar.
3. View or Create API Keys - Your Auth ID is always visible. To create a new Auth Token, click Generate New Token.
4. Copy Your Credentials - Copy both the Auth ID and Auth Token to use in your application.

​

Understanding Your Credentials

• X-Auth-ID (Public Identifier) - Your account’s authentication ID. Starts with auth_. This is not secret and identifies your account. Example: auth_1234567890abcdef.
• X-Auth-Token (Secret Key) - Your secret authentication token. Starts with sk_live_ for production or sk_test_ for test mode. Keep this secure! Example: sk_live_abcdefghijklmnopqrstuvwxyz123456.

​

Making Authenticated Requests

​

Required Headers

​

Common Authentication Errors

• 401 Unauthorized - Missing or invalid Auth ID/Token.
• 403 Forbidden - Valid credentials but insufficient permissions.
• Missing headers - Both X-Auth-ID and X-Auth-Token must be present.
• Incorrect header names - Headers are case-sensitive.

​

Code Examples

​

Python

import requests

headers = {
    "X-Auth-ID": "auth_1234567890abcdef",
    "X-Auth-Token": "sk_live_abcdefghijklmnopqrstuvwxyz123456",
    "Content-Type": "application/json",
}

response = requests.get(
    "https://api.vobiz.ai/v1/messaging/channels/whatsapp",
    headers=headers,
)

print(response.json())

​

Node.js

const fetch = require('node-fetch');

const response = await fetch(
  'https://api.vobiz.ai/v1/messaging/channels/whatsapp',
  {
    headers: {
      'X-Auth-ID': 'auth_1234567890abcdef',
      'X-Auth-Token': 'sk_live_abcdefghijklmnopqrstuvwxyz123456',
      'Content-Type': 'application/json',
    },
  }
);

const data = await response.json();
console.log(data);

​

PHP

<?php
$ch = curl_init('https://api.vobiz.ai/v1/messaging/channels/whatsapp');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'X-Auth-ID: auth_1234567890abcdef',
    'X-Auth-Token: sk_live_abcdefghijklmnopqrstuvwxyz123456',
    'Content-Type: application/json',
]);

$response = curl_exec($ch);
curl_close($ch);

print_r(json_decode($response, true));

​

Security Best Practices

• Use environment variables - Store your Auth ID and Token in environment variables (e.g. VOBIZ_AUTH_ID, VOBIZ_AUTH_TOKEN). Do not hardcode them in your source code.
• Never commit credentials - Add credential files to .gitignore to prevent accidentally committing them to version control.
• Use server-side only - Never expose your Auth Token in client-side code (browsers, mobile apps). All API calls should be made from your backend servers.
• Use HTTPS - Always make API requests over HTTPS. The Vobiz API does not support unencrypted HTTP connections.
• Rotate tokens regularly - Rotate your Auth Tokens periodically (every 90 days is recommended) to minimize the impact of a token compromise.
• Monitor API usage - Regularly review API logs in the Console to detect suspicious or unauthorized access patterns.

​

Rotating Auth Tokens

​

Token Rotation Process

1. Generate a new Auth Token in Settings → API Keys.
2. Update your application to use the new token (keep the old one active).
3. Deploy the updated application and verify it is working.
4. Once confirmed, revoke the old token in the console.

​

Zero Downtime Rotation

​

Related Topics

• API Overview →
• Send Message API →
• Channels API →
• Webhook Events →