Skip to main content
API keys authenticate your requests to the Connectly API. You can create multiple keys with different scopes and expiration dates β€” for example, a key scoped to messaging only for your backend, and a separate key with full access for internal tooling.

Generate an API key

1

Open Settings

In the Connectly inbox, click Settings in the left sidebar, then select the General tab. Scroll down to the API Key and Webhook Secret section and click Create API Key.
2

Name your key

Give the key a descriptive name so you can identify it later β€” for example, Production Backend or Integration.
3

Select scopes

Choose which permissions this key should have. If no scopes are selected, the key has full access to all operations.
ScopeWhat it allows
ai.manageManage AI tools and internal diagnostics
campaign.manageManage campaigns, templates, flows, automations, and audiences
commerce.manageManage orders, checkouts, billing, and delivery controls
conversation.manageManage rooms, inbox actions, tickets, and tags
customer.manageManage customer records and profile data
key.manageCreate, revoke, and manage API keys
messaging.sendSend outbound messages and campaigns
system.managePerform privileged internal system operations
workspace.manageManage business, channels, users, teams, and integrations
Follow the principle of least privilege β€” only select the scopes your integration actually needs. For example, a webhook integration only needs messaging.send and campaign.manage.
4

Set an expiration (optional)

By default, keys have no expiration. If you want the key to automatically expire β€” for example, for a temporary integration or a contractor β€” select an expiration period from the dropdown.
5

Create and copy the key

Click Create Key. Your API key is displayed once only β€” copy it immediately and store it somewhere secure such as a password manager or a secrets manager.
The key is shown only once at creation time. Connectly does not store the plaintext value. If you lose it, you’ll need to generate a new one.

Use your API key

Include the key in the X-API-Key header on every request to the Connectly API:
curl --request POST \
  --url https://api.connectly.ai/v1/businesses/<business_id>/send/messages \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <YOUR_KEY_HERE>' \
  --data '{...}'
Any request missing a valid X-API-Key header returns an ERROR_TYPE_AUTHENTICATION error.

Manage existing keys

From Settings β†’ General β†’ API Key and Webhook Secret you can view all keys associated with your account, see their names, scopes, and expiration dates, and revoke any key that is no longer needed.
Generating a new key does not automatically invalidate existing keys. To revoke a key, delete it explicitly from the Settings page.

Security best practices

  • Never expose your API key client-side β€” don’t include it in frontend JavaScript, mobile apps, or public repositories.
  • Use scoped keys β€” restrict each key to only the permissions it needs.
  • Rotate keys regularly β€” especially after team member offboarding or if you suspect a key has been compromised.
  • Set expiration dates for temporary integrations or external collaborators.
  • Store keys in a secrets manager β€” use a tool like AWS Secrets Manager, HashiCorp Vault, or a password manager rather than hardcoding keys in config files.