Authentication

The Tellexa API supports two authentication methods: API keys and OAuth access tokens.

API keys are best for server-to-server communication and scripts.

curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://api.tellexa.ai/v1/assistants

Characteristics:

  • Simple to implement
  • Long-lived credentials
  • Best for backend services
  • Can be scoped to specific permissions

OAuth access tokens are best for user-facing applications.

Authorization: Bearer ACCESS_TOKEN

Characteristics:

  • User-delegated access
  • Short-lived tokens (1 hour)
  • Refresh tokens available
  • Best for web/mobile apps

To create an API key:

  1. Go to Settings → API
  2. Click Create API Key
  3. Name your key (e.g., “Production Server”)
  4. Select permissions/scopes
  5. Copy and securely store the key

Permission     Description
read           Read-only access to data
write          Create and update records
admin          Full administrative access
messages       Send and receive messages
integrations   Manage integrations

If a key is compromised:

  1. Go to Settings → API
  2. Find the key in the list
  3. Click Revoke
  4. Generate a new key if needed

OAuth authorization code flow:

  1. Redirect to authorize:

GET https://auth.tellexa.ai/oauth/authorize
  ?client_id=YOUR_CLIENT_ID
  &redirect_uri=https://yourapp.com/callback
  &response_type=code
  &scope=read+messages

  2. Exchange code for token:

POST https://auth.tellexa.ai/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code
&code=AUTHORIZATION_CODE
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&redirect_uri=https://yourapp.com/callback

  3. Token response:

{
  "access_token": "eyJ...",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "dGVzdC...",
  "scope": "read messages"
}
To refresh an access token:

POST https://auth.tellexa.ai/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token
&refresh_token=YOUR_REFRESH_TOKEN
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET

  • ✅ Use environment variables
  • ✅ Use secrets managers (Vault, AWS Secrets)
  • ✅ Encrypt at rest
  • ❌ Don’t commit to version control
  • ❌ Don’t log credentials

  • Rotate API keys periodically (every 90 days recommended)
  • Use multiple keys for different environments
  • Monitor key usage for anomalies

  • Grant only necessary permissions
  • Use read-only keys where possible
  • Create separate keys per application
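The token lifecycle described on this page (1-hour access tokens renewed through the refresh_token grant, with credentials read from environment variables), as an added example that is not Tellexa's own code. The `post` transport callable, the `TELLEXA_*` variable names, the 60-second skew and the handling of a rotated refresh token are assumptions.

```python
import os
import time
from urllib.parse import urlencode

TOKEN_URL = "https://auth.tellexa.ai/oauth/token"  # endpoint shown on this page


class TokenCache:
    """Caches the access token and renews it with the refresh_token grant."""

    def __init__(self, post, client_id, client_secret, refresh_token,
                 skew=60, clock=time.monotonic):
        self._post = post    # assumed transport: callable(url, headers, body) -> dict
        self._client_id, self._client_secret = client_id, client_secret
        self._refresh_token = refresh_token
        self._skew = skew    # renew this many seconds before expiry
        self._clock = clock
        self._access_token = None
        self._expires_at = 0.0

    def _refresh(self):
        body = urlencode({
            "grant_type": "refresh_token",
            "refresh_token": self._refresh_token,
            "client_id": self._client_id,
            "client_secret": self._client_secret,
        })
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        resp = self._post(TOKEN_URL, headers, body)
        if resp.get("token_type", "").lower() != "bearer" or "access_token" not in resp:
            raise RuntimeError("unexpected token response")  # never echo resp or body
        self._access_token = resp["access_token"]
        self._expires_at = self._clock() + int(resp.get("expires_in", 0))
        # Assumption: the server may rotate the refresh token; keep the newest one.
        self._refresh_token = resp.get("refresh_token", self._refresh_token)

    def auth_header(self):
        if self._access_token is None or self._clock() >= self._expires_at - self._skew:
            self._refresh()
        return {"Authorization": f"Bearer {self._access_token}"}

    def __repr__(self):      # keeps secrets out of logs and tracebacks
        return f"<TokenCache client_id={self._client_id!r} token=[redacted]>"


def from_env(post, env=os.environ):
    # Hypothetical variable names; a missing one raises KeyError instead of sending blanks.
    return TokenCache(post, env["TELLEXA_CLIENT_ID"], env["TELLEXA_CLIENT_SECRET"],
                      env["TELLEXA_REFRESH_TOKEN"])
```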

Questions? Contact API support →