Jump to
Authentication
All Inkbox API endpoints require authentication using service tokens via Bearer token authentication.
Getting a service token
To use the Inkbox API, you need a service token. Create an account and generate a service token from the Inkbox console.
Get service tokenOnce you have an account, you can create and manage service tokens from the Inkbox console.
Overview
The Inkbox API uses service token authentication. Include your service token in the X-Service-Token header with every request.
Keep your service tokens secret. Never commit them to version control or expose them in client-side code.
Making authenticated requests
Header format
X-Service-Token: YOUR_SERVICE_TOKENExample
cURLError responses
401 Unauthorized
Returned when the service token is missing, invalid, expired, or revoked.
JSONCommon issues:
- Missing
X-Service-Tokenheader - Expired or revoked service token
- Invalid service token format
- Service token not generated from https://console.inkbox.ai
Security best practices
- Keep service tokens secret: Never commit service tokens to version control. Use environment variables or secure secret management systems.
- Use environment variables:
export INKBOX_SERVICE_TOKEN="your-service-token-here" - Server-side only: Never use service tokens in client-side JavaScript. Service tokens should only be used in secure server environments.
- Rotate tokens regularly: Regularly rotate service tokens for security. Generate a new token from the console, update integrations, then revoke the old token.