Authentication
You can authenticate to Botpress’s API (api.botpress.cloud) as a user, a bot, or an integration. To do so, you’ll need to use a token.
A Personal Access Token (PAT) can be generated in the Profile Settings section of your Botpress account. Once generated, you can use this token as a
This header should be included in all requests to the Botpress Cloud API, where
In this example, the
If you are looking to use the webchat API or the chat API to talk to your bot please refer to the chat API documentation and webchat documentation.
Types of Tokens
1. Personal Access Token (PAT)
Be careful, your PAT has the same access you have and can be used to access your data. Keep it safe and never share it with anyone.
Bearer token to authenticate API requests.
2. Bot Access Key
A Bot Access Key (BAK) is provided to the bot once it is deployed. This token limit the API access to only the actions that the bot can perform. Only the runtime API, tables API, and files API are available with this token.3. Integration Access Key
An Integration Access Key (IAK) is provided to the integration once it is deployed. This token limit the API access to only the actions that the integration can perform. Only the runtime API and files API are available with this token.If you are looking to self host your integration you can generate your own Integration Access Key instead of using your own PAT.
Authentication Methods
Once you have your token, you can authenticate your requests to Botpress’s API (api.botpress.cloud) using one of the following methods:1. Authentication with the API
To authenticate using the API, pass theAuthorization header with the appropriate token. Here’s an example of the request format:
{TOKEN} is replaced with the actual token you obtained (PAT, Bot Access Key, or Integration Access Key).
2. Authentication with the Client
You can also authenticate using the client by providing thetoken when creating a new Client instance:
token you is either a Personal Access Token, Bot Access Key, or Integration Access Key. This will create a Client instance that is authenticated and can be used to interact with the API.