All requests to the Webex Connect APIs are authenticated using either a key or JSON Web Tokens (JWT). Here are the authentication details for various APIs offered by Webex Connect.
If you are looking for Authentication details for Sandbox APIs, please refer here
Authentication Types Supported
Messaging API (v1 and v2)
Custom Event v1
RCS Capability Lookup
|Profile API v2||Profile Key (Available under Tenant Settings page)|
|Thread APIs||JWT Tokens (Refer JWT Set-up Tutorial in SDK Docs)|
|Segment APIs||JWT Tokens (Refer JWT Set-up Tutorial in SDK Docs)|
|Topic APIs||JWT Tokens (Refer JWT Set-up Tutorial in SDK Docs)|
|Contact Policy APIs||Profile Key (Available under Tenant Settings page)|
Authentication Best Practice
You can use either Service Key or JSON Web Tokens (JWT) for authentication when using Messaging APIs, Custom Event API v1, inbound webhooks, and other APIs mentioned above. If you use both JWT authentication and Service Key in an API request, JWT authentication takes priority, and the Service Key is ignored.
Additionally, Webex Connect supports IP Whitelisting to validate the request source for Messaging API, Custom Event API, Inbound Webhooks, and user logins. Send an email to support team if you want to enable IP whitelisting for your tenant.