API Authentication

Use API keys for server-to-server integration with RogerIQ.

Header Options

bash
curl https://api.rogeriq.com/api/v1/projects/prj_123/conversations \
  -H "Authorization: Bearer riq_your_key"

bash
curl https://api.rogeriq.com/api/v1/projects/prj_123/conversations \
  -H "X-API-Key: riq_your_key"

Key Format

API keys must start with:

txt
riq_

Scopes

Scope   Required for
read    Listing and reading conversations, messages, contacts, webhooks, and deliveries.
write   Creating and updating conversations, messages, contacts, webhooks, and secrets.
admin   Broad access where an endpoint accepts admin scope.

Project Ownership

The API resolves the project in the URL and verifies that it belongs to the same organization as the API key. A valid key for one organization cannot access another organization's project.

Expiration

Keys can expire. Expired keys return 401 Unauthorized.

Best Practices

  • Store API keys in a server-side secret manager.
  • Use separate keys for production, staging, and local development.
  • Rotate keys after employee offboarding or vendor changes.
  • Use read keys for reporting-only integrations.
  • Never put an API key in the widget, form HTML, frontend bundle, or mobile app.
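
One way to enforce the last practice in CI, as an added example that is not RogerIQ's own tooling: scan the built frontend output for strings carrying the documented `riq_` prefix and fail the build on a hit. The function name `scan_for_riq_keys` and the key-body pattern (16 or more letters, digits, `_` or `-`) are assumptions; only the prefix comes from this page.

```bash
#!/usr/bin/env bash
# Added example: block a deploy when an API key has leaked into client-side files.
# Assumption: the key body after the documented "riq_" prefix is 16+ characters
# from [A-Za-z0-9_-]. Short placeholders such as "riq_your_key" do not match.
RIQ_KEY_PATTERN='riq_[A-Za-z0-9_-]{16,}'

# scan_for_riq_keys DIR
# Prints "file:line: riq_**** (redacted)" for every match and returns 1 if any
# were found, 0 if the tree is clean. The matched line is never echoed, so the
# key does not end up in CI logs.
scan_for_riq_keys() {
    scan_dir="$1"
    # -r recurse, -E extended regex, -n line numbers, -I skip binary files
    scan_hits=$(grep -rEnI --exclude-dir=node_modules --exclude-dir=.git \
        -e "$RIQ_KEY_PATTERN" -- "$scan_dir" 2>/dev/null \
        | sed -E 's/^([^:]+:[0-9]+):.*/\1: riq_**** (redacted)/' || true)
    if [ -n "$scan_hits" ]; then
        printf '%s\n' "$scan_hits"
        return 1
    fi
    return 0
}

# Typical CI use (the path is a placeholder for your build output directory):
#   scan_for_riq_keys ./dist || { echo "API key found in frontend build" >&2; exit 1; }
```

A hit means the key should be treated as exposed and rotated, not just removed from the bundle.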