🛡️Authentication
Authentication ensures secure access to Operator AI’s API and admin areas — protecting your data, conversations, and integrations.
🛡️ How Authentication Works
Operator AI uses secure Bearer Tokens for API authentication:
Every API request must include a valid Authorization header.
Tokens are linked to your account and permissions.
Tokens can be generated, rotated, and revoked from the dashboard.
✅ Only authorized users and apps can access your Operator AI data.
🛠️ How to Generate an API Token
Log into your Operator AI Dashboard.
Go to Settings → API.
Click Generate New Token.
(Optional) Name your token (e.g., "CRM Integration" or "Zapier Sync").
Copy and securely store your new token — it won’t be shown again!
✅ Keep your token private — treat it like a password.
🔥 Example Authentication Header
Authorization: Bearer YOUR_API_TOKEN_HERE
Content-Type: application/json✅ Always send your token securely over HTTPS.
📋 Best Practices for API Authentication
Use one token per integration or service
Easier to manage and rotate if needed.
Rotate tokens quarterly
Reduce risk from token leaks or staff changes.
Never hardcode tokens in public repositories
Always keep credentials private.
Monitor API access logs
Detect suspicious usage early.
Revoke tokens immediately if compromised
Stay secure in case of leaks or team turnover.
✅ Good credential hygiene = better platform security.
🧠 Advanced: Role-Based API Permissions
(Coming soon in Operator AI Pro and Enterprise plans)
Create API tokens with scoped permissions (read-only, conversation access only, admin rights, etc.).
Further tighten security based on integration needs.
✅ Minimize risk by granting least-privilege access.
🛟 Need Help?
Explore Authentication and API usage tutorials inside this documentation.
Contact support@heyoperator.ai for integration-specific questions.
Your Success Manager can assist with best practices for API security.
✅ We’re here to help your integrations stay secure and scalable.
🎯 Next Step
Last updated