API Authentication

Understand the authentication options available for Webex Connect APIs and Webhooks

Authentication options for Webex Connect APIs and Webhooks

All requests to the Webex Connect APIs and Webhooks are authenticated using either a key or JSON Web Tokens (JWT). Here are the authentication details for various APIs offered by Webex Connect.

📘

Note

If you are looking for Authentication details for Webex Connect Sandbox APIs, please refer here

API / WebhooksAuthentication Types Supported
Messaging API (v1 and v2)1. Service Key
2. Service Specific JWT Tokens
(Refer this page to know how you can access Service Keys and Jason Web Tokens for a Service in Webex Connect).
Custom Event API v11. Service Key
2. Service Specific JWT Tokens
Inbound Webhooks1. Service Key
2. Service Specific JWT Tokens
Contact Policy APIsProfile Key (Available under Tenant Settings page. Refer this page for more info.)
RCS Capability Lookup API1. Service Key
2. Service Specific JWT Tokens
Profile API v2Profile Key (Available under Tenant Settings page)
Thread APIsJWT Tokens (Refer JWT Set-up Tutorial in SDK Docs)
Segment APIsJWT Tokens (Refer JWT Set-up Tutorial in SDK Docs)
Topic APIsJWT Tokens (Refer JWT Set-up Tutorial in SDK Docs)

🚧

Authentication Best Practice

You can use either Service Key or JSON Web Tokens (JWT) for authentication when using Messaging APIs, Custom Event API v1, inbound webhooks, and other APIs mentioned above. If you use both JWT authentication and Service Key in an API request, JWT authentication takes priority, and the Service Key is ignored.


IP Allowlisting for APIs and Webhooks

Additionally, Webex Connect supports IP Allowed listing to validate the request source for Messaging API, Custom Event API, Inbound Webhooks, and user logins. Send an email to support team if you want to enable IP allowed listing for your tenant.