Skip to main content

API Authentication

Texterz provides a secure API for developers to connect AI agents into their own applications and workflows.

1. Authentication Methods

Session Tokens (Client-Side)

When interacting with the API from a frontend application, you should use the session token of the authenticated user.

  • Header: Authorization: Bearer <SESSION_TOKEN>
  • Refresh: Session tokens expire after 1 hour and must be refreshed using the platform's authentication library.

API Keys (Server-to-Server)

For backend tools, you can generate permanent API Keys.

  • Header: X-API-Key: <YOUR_API_KEY>
  • Management: Generate and rotate keys in Settings > API Access.

2. Organization Context

Most API endpoints require an organization ID to isolate data.

  • Header: X-Organization-ID: <ORG_ID>
  • Validation: The system verifies that the authenticated user or API key has permission to access the specified organization.

3. Security Best Practices

  • Never share API Keys: Keep your keys server-side. Never expose them in client-side code (JavaScript, mobile apps).
  • Use HTTPS: All API requests must be made over HTTPS.
  • Rotate Keys: Regularly rotate your API keys to minimize the impact of a potential leak.
  • IP Whitelisting: (Coming Soon) Restrict API key usage to specific IP addresses.

Next Step

Explore the available API Endpoints to start building your custom connection.