The Superchat API uses header tokens to authenticate requests. You'll need to include a token in the header of your requests.
The header token can be obtained from the settings UI in our web-app under Settings > API. Alternatively, you may want to use this link to get there (Please note, you have to be logged in as an administrator to view the API token).
For each call, the token has to be sent in the header as
X-API-KEY: <YOUR-API-TOKEN>
The token is currently scoped to have global read and write access.
Your API key grants access to very powerful features and resources. It is important to keep your API keys safe as they grant access to many privileges. Avoid sharing your secret API keys in public areas that are accessible to anyone, such as GitHub, client-side code, and similar places.
API requests have to be made over HTTPS. Requests over HTTP will fail.