Skip to main content
OpenBat uses two authentication methods depending on which endpoints you call.
API key authentication is used by the SDK ingestion endpoint (POST /api/v1/capture). Pass your chatbot’s API key as a Bearer token in the Authorization header:
Authorization: Bearer ob_live_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4

How it works

  • The key is validated by hashing it with SHA-256 and looking up the corresponding chatbot.
  • The full key is never stored in the database — only the hash.
  • The prefix (ob_live_a1b2c3...) is displayed in the dashboard for identification.
If the key is missing or invalid, the API returns 401 Unauthorized.

Getting your API key

1

Open your chatbot settings

Go to Settings > General in the chatbot you want to connect.
2

Find your key prefix

The key prefix is displayed on the settings page so you can identify which key is active.
3

Rotate if you need the full key

If you need the full key (for example, during initial setup or after losing the original), click Rotate Key. This generates a new key and immediately invalidates the old one.
4

Copy and store the key

Copy the full key and store it somewhere secure, such as an environment variable.
Your API key is shown only once when you create or rotate it. Copy it immediately and store it securely. The full key cannot be recovered after you leave the page.

Key security

  • The full key is shown only once at creation or rotation. It cannot be recovered afterward.
  • Store your key in environment variables. Never commit it to source code.
  • Rotate immediately if you suspect the key has been compromised. Rotating a key invalidates the previous one instantly.

API key format

ob_live_<32 lowercase hex characters>
The ob_live_ prefix is constant. The remaining 32 characters are randomly generated hexadecimal.