API Authentication

Overview

To access Medchat services programmatically, you will need your Org ID and scoped API access tokens to call various endpoints in the system. This includes API calls such as get chats, resume chatbot executions, or post SMS messages, among many other available calls.

These artifacts are available in the Medchat Developer portal (Admin > Developer > MedChat Auth) to users who have the Developer role.

📘

Pre-existing Authorization Tokens

For Orgs that have generated an API Authorization Token prior to 2/2/23, note that those tokens remain intact and will be displayed as "{Your Org Name} API Client" in the list of Scoped Access Tokens.


Managing Access Tokens

Creating tokens

To create a new token, click on Generate new token under Scoped Access Tokens. The New access token dialog will slide into view, allowing you to set the token name, its optional expiration date, and the scope of access you want to grant for the token.


Available Scopes

The available Scopes that define your Medchat token's access to API calls are as follows:

| Domain | Scope | Token Access | Sample API calls |
| --- | --- | --- | --- |
| Live Chats | read.my_orgs.chats | Read chats and chat-related resources | Get chats, Download Chats, Get chat context |
| | create.chat_attributes | Create chat attributes | Create Attribute |
| | update.chat_attributes | Update chat attributes | Update attribute |
| Text (SMS) Chats | read.sms_chats | Read SMS chats | Get SMS chats |
| | send.sms_message | Send SMS messages | Post SMS Messages |
| Widgets | read.widgets | Read widgets and widget-related resources (e.g. topics, stored replies, request forms, etc.) | |
| Chat Bots | impersonate.bot | Read and write messages on behalf of bot, resume bot executions | Resume chatbot execution |
| | create.text_bot_executions | Initiate text bot executions for SMS chats | |
| | read.text_bot_executions | Read text bot executions | |
| Webhooks | create.webhooks | Create webhooks | |
| | read.webhooks | Read webhooks | |
| | update.webhooks | Update webhooks and manage webhook secrets | |
| | delete.webhooks | Delete webhooks | |
| | read.webhook_event_categories | Read webhook event categories | |
| Data Sets | manage.dataset | Create, update, and delete data sets | Create data set |
| | get.dataset | Read/query data sets | Get data sets |
| Users | read.users | Read users (limited scope) | |
| | read.my_orgs.users | Read users (full scope) | |
| | read.all.custom_user_attributes | Read users custom attribute values | Get custom user attributes |
| Custom Reports | read.analytics_query_results | Read/export query results | Execute query |
| Analytics | read.chat_aggregations | Read live chat aggregations | |
| User Verification | create.user_verifyconfig | Create user verification configurations | Create user verification config |
| | read.user_verifyconfig | Read user verification configurations | Get user verification config |
| Registered Chats | create.registered_chats | Create registered chats | Create registered chat |
| | read.registered_chats | Read registered chats | Get registered chat |
| Journeys | create.journey_instances | Create journey instances | |
| Retention Jobs | manage.extractjobs | Create, read, and download extract job results. | Create retention job |
| | manage.purgejobs | Create, read, and download extract portion of purge jobs. | |

Click Create token to generate your token.

🚧

Remember to keep your API Access token secure. It will only be displayed once.


Updating tokens

You currently have the option of updating the name of an existing token from the details panel. Note that once you've created a token, you will not be able to modify its expiration date and scope of access.

🚧

If you need to update a token beyond its name, we recommend that you issue a new token with your desired scope and date of expiration, deploy the new token to your relevant applications (i.e. perform key rotation), and then revoke the original token.
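Because scope and expiration are fixed at creation, a periodic least-privilege review tells you which tokens need the rotation described above. The following is an added example, not Medchat code: the token record layout, the `CALLS` usage map, and the 90-day lifetime policy are assumptions, and the scope names come from the Available Scopes table.

```python
from datetime import date

# API call -> required scope, copied from the "Available Scopes" table on this page.
SCOPE_FOR_CALL = {
    "Get chats": "read.my_orgs.chats",
    "Download Chats": "read.my_orgs.chats",
    "Get SMS chats": "read.sms_chats",
    "Post SMS Messages": "send.sms_message",
    "Resume chatbot execution": "impersonate.bot",
    "Get data sets": "get.dataset",
    "Create retention job": "manage.extractjobs",
}

def review_token(token, calls_used, today, max_days=90):
    """Compare one token's grants with the calls its integration makes.

    The record layout and the max_days lifetime policy are assumptions.
    """
    unmapped = sorted(c for c in calls_used if c not in SCOPE_FOR_CALL)
    needed = {SCOPE_FOR_CALL[c] for c in calls_used if c in SCOPE_FOR_CALL}
    granted = set(token["scopes"])
    findings = []
    if granted - needed:
        findings.append("unused scopes: " + ", ".join(sorted(granted - needed)))
    if needed - granted:
        findings.append("missing scopes: " + ", ".join(sorted(needed - granted)))
    expires = token.get("expires")
    if expires is None:
        findings.append("no expiration date")
    elif expires < today:
        findings.append("expired")
    elif (expires - today).days > max_days:
        findings.append(f"expires in more than {max_days} days")
    # Scope and expiration cannot be edited after creation, so any finding
    # means: issue a replacement with exactly these scopes, deploy it, revoke.
    return {"name": token["name"], "findings": findings, "rotate": bool(findings),
            "replacement_scopes": sorted(needed), "unmapped_calls": unmapped}

# Constructed sample inventory (not real tokens or a real export format).
TOKENS = [
    {"name": "sms-notifier", "expires": None,
     "scopes": ["send.sms_message", "read.sms_chats", "impersonate.bot"]},
    {"name": "chat-export", "expires": date(2030, 3, 1),
     "scopes": ["read.my_orgs.chats"]},
]
CALLS = {"sms-notifier": ["Post SMS Messages"],
         "chat-export": ["Get chats", "Download Chats"]}

if __name__ == "__main__":
    for t in TOKENS:
        print(review_token(t, CALLS[t["name"]], today=date(2030, 1, 15)))
```

Calls listed under `unmapped_calls` are not in the map and need a manual check against the scope table before the replacement token is created.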


Deleting tokens

To delete a token, click on a listed scoped access token to expand the detail panel, and scroll to the bottom. Click on the Delete token button.

❗️

Deleting an access token will delete all permissions granted for this token. This action is irreversible.