API Key Authentication for the Partner API

We are introducing API Key authentication as the new default method for accessing the 360Dialog Partner API. This change provides more flexibility, improved security, and better control over your API access.

Why We Are Moving to API Key Authentication

Problems with Bearer Token Authentication

Until now, Partner API access has relied on Bearer tokens tied to user authentication. While simple, this approach has several limitations:

Single token access: Only one token per user, with no way to separate environments or integrations.
Lack of granular control: You can’t manage different keys for different use cases.
Security risks: If a Bearer token is compromised, it’s difficult to revoke without disrupting all access.

Benefits of API Key Authentication

API keys offer a more robust and secure approach to authentication. With API keys, you can:

Generate multiple keys for different systems or integrations.
Revoke or rotate keys at any time without affecting other keys or users.
Leverage upcoming security features, such as IP whitelisting, Key usage analytics or Scoped access control

This gives you better visibility and control over how your integrations use the API.

How This Affects You

Backward Compatibility & Transition Period

API Key authentication is now enabled by default for all partners.
The legacy Bearer token authentication remains available for now.
You can choose to disable Bearer token auth at any time from the dashboard.

We recommend transitioning to API Key authentication as soon as possible to take advantage of new features and improved security.

How to Create, View, and Delete API Keys

Managing your API keys is simple and can be done directly in the 360Dialog Partner Dashboard:

Log in to your Partner Dashboard.
Navigate to the “API Keys” tab
To generate a new key:
1. Click “Generate API Key”
2. Add a name (e.g., “Prod Server”)
3. Complete the OTP
4. Copy the key and store it securely — this is the only time you’ll see it.
To delete a key, simply click the trash icon next to the key name. The key is immediately revoked.

💡 Tip: Use different keys for different environments or systems to isolate access and simplify management.

How to Update API Requests to Use API Key

Recommended Migration Steps

To start using your API key:

Replace the Authorization header in your requests:

Previously, you may have used:

This is the only change needed in your API requests — all endpoints and functionality remain the same.

Disabling Legacy Bearer Token Auth

If you’d like to enforce the new authentication method and disable Bearer tokens:

Go to the "API KEY" tab in your Partner Dashboard.
Toggle “Legacy Token Authentication” to OFF. This will immediately block all Bearer token-based access.

Note: Once disabled, Bearer tokens will no longer work. Make sure all systems have switched to API keys before turning it off.

You can enable the Legacy Token Authentication again in the Integration tab of your Partner Dashboard.

FAQ's

What’s changing with Partner API authentication?

We’re introducing API keys as a new authentication method. API key auth is enabled by default, and you can manage keys directly in the Partner Dashboard. The old Bearer token method is still available but can be disabled.

Why should I switch to API key authentication?

API keys offer:

More control (you can create multiple keys and revoke them individually).
Better security (future security features will be API key-based).
Easier management from the dashboard.

Can I disable the old Bearer token authentication?

Yes! In the Partner Dashboard, there’s an option to disable Bearer token auth. Once disabled, only API key authentication will work.

Can I have multiple API keys?

Yes, you can generate multiple keys and revoke them individually.

What happens if I delete an API key?

Any API requests using that key will stop working immediately. Make sure to update your integrations before deleting keys.

Will future security features require API keys?

Yes. API keys will support upcoming security features like IP restrictions, access controls, and monitoring.

What if I forget to update my authentication method?

For now, Bearer token authentication will continue to work, but we highly recommend switching to API keys as soon as possible.

Once I’ve disabled Bearer Token, can I enable it again?

Yes, Legacy Bearer Token authentication can be enabled in the Partner Dashboard. Go the the Integration tab, and enable the Legacy Authentication.

By switching to API key authentication, you gain stronger control over your integrations and set yourself up for upcoming improvements to API security and observability.

Need More Help?

Reach out to our Support Team.

Last updated 1 month ago

Was this helpful?

Why We Are Moving to API Key Authentication

Problems with Bearer Token Authentication

Until now, Partner API access has relied on Bearer tokens tied to user authentication. While simple, this approach has several limitations:

Single token access: Only one token per user, with no way to separate environments or integrations.
Lack of granular control: You can’t manage different keys for different use cases.
Security risks: If a Bearer token is compromised, it’s difficult to revoke without disrupting all access.

Benefits of API Key Authentication

API keys offer a more robust and secure approach to authentication. With API keys, you can:

Generate multiple keys for different systems or integrations.
Revoke or rotate keys at any time without affecting other keys or users.
Leverage upcoming security features, such as IP whitelisting, Key usage analytics or Scoped access control

This gives you better visibility and control over how your integrations use the API.

How This Affects You

Backward Compatibility & Transition Period

API Key authentication is now enabled by default for all partners.
The legacy Bearer token authentication remains available for now.
You can choose to disable Bearer token auth at any time from the dashboard.

We recommend transitioning to API Key authentication as soon as possible to take advantage of new features and improved security.

How to Create, View, and Delete API Keys

Managing your API keys is simple and can be done directly in the 360Dialog Partner Dashboard:

Log in to your Partner Dashboard.
Navigate to the “API Keys” tab
To generate a new key:
1. Click “Generate API Key”
2. Add a name (e.g., “Prod Server”)
3. Complete the OTP
4. Copy the key and store it securely — this is the only time you’ll see it.
To delete a key, simply click the trash icon next to the key name. The key is immediately revoked.

💡 Tip: Use different keys for different environments or systems to isolate access and simplify management.

How to Update API Requests to Use API Key

Recommended Migration Steps

To start using your API key:

Replace the Authorization header in your requests:

# ✅ New method

curl -X GET "https://hub.360Dialog.io/api/v2/..." \
  -H "x-api-key: YOUR_API_KEY_HERE"

Previously, you may have used:

# ❌ Legacy method

curl -X GET "https://hub.360Dialog.io/api/v2/..." \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN_HERE"

This is the only change needed in your API requests — all endpoints and functionality remain the same.

Disabling Legacy Bearer Token Auth

If you’d like to enforce the new authentication method and disable Bearer tokens:

Go to the "API KEY" tab in your Partner Dashboard.
Toggle “Legacy Token Authentication” to OFF. This will immediately block all Bearer token-based access.

Note: Once disabled, Bearer tokens will no longer work. Make sure all systems have switched to API keys before turning it off.

You can enable the Legacy Token Authentication again in the Integration tab of your Partner Dashboard.

FAQ's

What’s changing with Partner API authentication?

Why should I switch to API key authentication?

API keys offer:

More control (you can create multiple keys and revoke them individually).
Better security (future security features will be API key-based).
Easier management from the dashboard.

Can I disable the old Bearer token authentication?

Yes! In the Partner Dashboard, there’s an option to disable Bearer token auth. Once disabled, only API key authentication will work.

Can I have multiple API keys?

Yes, you can generate multiple keys and revoke them individually.

What happens if I delete an API key?

Any API requests using that key will stop working immediately. Make sure to update your integrations before deleting keys.

Will future security features require API keys?

Yes. API keys will support upcoming security features like IP restrictions, access controls, and monitoring.

What if I forget to update my authentication method?

For now, Bearer token authentication will continue to work, but we highly recommend switching to API keys as soon as possible.

Once I’ve disabled Bearer Token, can I enable it again?

Yes, Legacy Bearer Token authentication can be enabled in the Partner Dashboard. Go the the Integration tab, and enable the Legacy Authentication.

By switching to API key authentication, you gain stronger control over your integrations and set yourself up for upcoming improvements to API security and observability.

Need More Help?

Reach out to our Support Team.

Last updated 1 month ago

Was this helpful?