API
Authentication
The REST API is authenticated with secret API keys. Create them in your dashboard under Developer → API keys, scope them to exactly what they need, and pass them as a Bearer token.
Base URL
text
https://api.asklify.in/api/v1All API routes below are relative to this base. Requests and responses are JSON (Content-Type: application/json) unless noted.
Using your key
Pass the key in the Authorization header. Keys start with sk_ and are shown once at creation — store them in a secret manager.
bash
curl https://api.asklify.in/api/v1/usage \
-H "Authorization: Bearer sk_your_api_key"Never ship an
sk_ key to a browser, mobile app, or public repo. Client-side chat should use the widget (protected by domain allowlists) or a thin backend proxy that holds the key server-side.Scopes
Each key carries an explicit list of scopes. Requests to an endpoint the key isn't scoped for fail with 403 Forbidden.
| Field | Type | Description |
|---|---|---|
chat | scope | Send messages and request human handoff. |
knowledge:read | scope | List documents and run semantic search. |
knowledge:write | scope | Create, upload, and delete documents. |
conversations:read | scope | List conversations and read transcripts. |
analytics:read | scope | Read usage summaries. |
Project-scoped vs org-wide keys
A key is created either locked to one project or org-wide:
- Project-scoped — the key implies its project; you never pass
projectId. Recommended for most integrations. - Org-wide — the key can act on any project, so every call must include a
projectId(in the JSON body for POSTs, as a query parameter for GETs). Omitting it returns400 Bad Request.
Key hygiene
- Create one key per integration so you can revoke independently.
- Grant the minimum scopes each integration needs.
- Rotate keys on a schedule; revoking is instant in the dashboard.
- Watch key usage under Developer → API keys — each key shows when it was last used.
