API Authentication

All requests to the Webex Connect APIs are authenticated using either a key or JSON Web Tokens (JWT). Here are the authentication details for various APIs offered by Webex Connect.

📘

Note

If you are looking for Authentication details for Sandbox APIs, please refer here

API

Authentication Types Supported

Messaging API (v1 and v2)

  • Service Key
  • Service Specific JWT Tokens

Custom Event v1

  • Service Key
  • Service Specific JWT Tokens

Inbound Webhooks

  • Service Key
  • Service Specific JWT Tokens

RCS Capability Lookup

  • Service Key
  • Service Specific JWT Tokens
Profile API v2Profile Key (Available under Tenant Settings page)
Thread APIsJWT Tokens (Refer JWT Set-up Tutorial in SDK Docs)
Segment APIsJWT Tokens (Refer JWT Set-up Tutorial in SDK Docs)
Topic APIsJWT Tokens (Refer JWT Set-up Tutorial in SDK Docs)
Contact Policy APIsProfile Key (Available under Tenant Settings page)

🚧

Authentication Best Practice

You can use either Service Key or JSON Web Tokens (JWT) for authentication when using Messaging APIs, Custom Event API v1, inbound webhooks, and other APIs mentioned above. If you use both JWT authentication and Service Key in an API request, JWT authentication takes priority, and the Service Key is ignored.

Additionally, Webex Connect supports IP Whitelisting to validate the request source for Messaging API, Custom Event API, Inbound Webhooks, and user logins. Send an email to support team if you want to enable IP whitelisting for your tenant.