All requests to the Webex Connect APIs are authenticated using either a key or JSON Web Tokens (JWT). Here are the authentication details for various APIs offered by Webex Connect.
Note
If you are looking for Authentication details for Sandbox APIs, please refer here
| API | Authentication Types Supported |
|---|---|
| Messaging API (v1 and v2) | Service Key Service Specific JWT Tokens |
| Custom Event v1 | Service Key Service Specific JWT Tokens |
| Inbound Webhooks | Service Key Service Specific JWT Tokens |
| RCS Capability Lookup | Service Key Service Specific JWT Tokens |
| Profile API v2 | Profile Key (Available under Tenant Settings page) |
| Thread APIs | JWT Tokens (Refer JWT Set-up Tutorial in SDK Docs) |
| Segment APIs | JWT Tokens (Refer JWT Set-up Tutorial in SDK Docs) |
| Topic APIs | JWT Tokens (Refer JWT Set-up Tutorial in SDK Docs) |
| Contact Policy APIs | Profile Key (Available under Tenant Settings page) |
Authentication Best Practice
You can use either Service Key or JSON Web Tokens (JWT) for authentication when using Messaging APIs, Custom Event API v1, inbound webhooks, and other APIs mentioned above. If you use both JWT authentication and Service Key in an API request, JWT authentication takes priority, and the Service Key is ignored.
Additionally, Webex Connect supports IP Allowed listing to validate the request source for Messaging API, Custom Event API, Inbound Webhooks, and user logins. Send an email to support team if you want to enable IP allowed listing for your tenant.