Skip to content

API

Authentication

The REST API is authenticated with secret API keys. Create them in your dashboard under Developer → API keys, scope them to exactly what they need, and pass them as a Bearer token.

Base URL

text
https://api.asklify.in/api/v1

All API routes below are relative to this base. Requests and responses are JSON (Content-Type: application/json) unless noted.

Using your key

Pass the key in the Authorization header. Keys start with sk_ and are shown once at creation — store them in a secret manager.

bash
curl https://api.asklify.in/api/v1/usage \
  -H "Authorization: Bearer sk_your_api_key"
Never ship an sk_ key to a browser, mobile app, or public repo. Client-side chat should use the widget (protected by domain allowlists) or a thin backend proxy that holds the key server-side.

Scopes

Each key carries an explicit list of scopes. Requests to an endpoint the key isn't scoped for fail with 403 Forbidden.

FieldTypeDescription
chatscopeSend messages and request human handoff.
knowledge:readscopeList documents and run semantic search.
knowledge:writescopeCreate, upload, and delete documents.
conversations:readscopeList conversations and read transcripts.
analytics:readscopeRead usage summaries.

Project-scoped vs org-wide keys

A key is created either locked to one project or org-wide:

  • Project-scoped — the key implies its project; you never pass projectId. Recommended for most integrations.
  • Org-wide — the key can act on any project, so every call must include a projectId (in the JSON body for POSTs, as a query parameter for GETs). Omitting it returns 400 Bad Request.

Key hygiene

  • Create one key per integration so you can revoke independently.
  • Grant the minimum scopes each integration needs.
  • Rotate keys on a schedule; revoking is instant in the dashboard.
  • Watch key usage under Developer → API keys — each key shows when it was last used.