API Key Authentication
All API requests require authentication using an API key. Include your key in thex-api-key header:
Getting Your API Key
- Log in to your dashboard at lupitor.acrely.ai
- Navigate to API Keys in your company settings
- Click Create API Key
- Choose a scope and give it a descriptive name
- Copy your key immediately (it won’t be shown again!)
Never share your API keys or commit them to version control. Treat them like passwords.
API Key Scopes
API keys have different permission levels:Read
Read-only access
- List leads
- View conversations
- Get analytics
Write
Full access
- Create leads
- Update campaigns
- All read operations
Write scope automatically includes Read access. You don’t need separate keys.
Campaign Scoping
API keys can be scoped to specific campaigns or have company-wide access:Company-Wide Access
Campaign-Specific Access
Example Request
Security Best Practices
Store Securely
Store Securely
- Use environment variables
- Never hardcode in source code
- Use secret management tools (e.g., AWS Secrets Manager, 1Password)
Rotate Regularly
Rotate Regularly
- Rotate keys periodically
- Immediately revoke compromised keys
- Create new keys before deleting old ones
Limit Scope
Limit Scope
- Use read-only keys where possible
- Scope to specific campaigns when appropriate
- Create separate keys for different environments
Monitor Usage
Monitor Usage
- Review API logs regularly
- Set up alerts for unusual activity
- Track which keys are being used
Error Responses
Missing API Key
401 Unauthorized
Invalid API Key
401 Unauthorized
Insufficient Permissions
403 Forbidden
Need Help?
If you’re having authentication issues:- Verify your API key is correct
- Check that the key hasn’t been revoked
- Ensure you’re using the correct scope
- Contact support at info@acrely.ai