Developer

API tokens

Per-bot bearer tokens. Each one is scoped to a single bot and can be revoked independently.

Issue a token

  1. Open the bot in your dashboard, scroll to API tokens.
  2. Add an optional label (e.g. Production widget, Local dev) and click Create token.
  3. The plaintext token appears once in a green banner — copy it now. We only store a SHA-256 hash and the display prefix (amk_live_abc12345…).

Format

Tokens look like amk_live_ followed by 24 random alphanumerics. Treat them like passwords.

Use the token

Add it as a Bearer header on every request:

Authorization: Bearer amk_live_abc123…

The token must match the botId in your request body — cross-bot use is rejected with 401.

Revoke a token

Hit Revoke on any token row in the same panel. The next request that uses it returns 401 immediately.

Best practices

  • One token per environment. Use separate tokens for production, staging, and local dev so you can rotate independently.
  • Never commit tokens. Use environment variables, secrets managers, or vault systems.
  • Rotate on suspicion. Revoke immediately if a token is ever exposed in a log, screenshot, or commit.
Get started

Add it to your site today.

Paste your URL, brand the widget, drop in the embed snippet. Live in under five minutes.

Add to your site — free