Skip to main content
All Replyify API requests require authentication using a Bearer token in the Authorization header.

API Keys

API keys provide secure access to your workspace data. Each key:
  • Is scoped to a single workspace
  • Has full read/write access to workspace data
  • Never expires (unless manually revoked)
  • Can be revoked at any time

Creating an API Key

1

Go to API Settings

Navigate to Settings → API Keys in your Replyify dashboard.
2

Create a new key

Click Create API Key and enter a descriptive name (e.g., “Production Integration”).
3

Copy your key

Copy the generated key immediately. It’s only shown once for security.
If you lose your key, you’ll need to create a new one. Old keys cannot be retrieved.

Using Your API Key

Include your API key in the Authorization header of every request: 
Authorization: Bearer rpl_your_api_key_here

Example Request

cURL
curl -X GET "https://app.replyify.ai/api/replies" \
  -H "Authorization: Bearer rpl_abc123def456" \
  -H "Content-Type: application/json"
JavaScript
const response = await fetch('https://app.replyify.ai/api/replies', {
  headers: {
    'Authorization': 'Bearer rpl_abc123def456',
    'Content-Type': 'application/json'
  }
});
Python
import requests

response = requests.get(
    'https://app.replyify.ai/api/replies',
    headers={'Authorization': 'Bearer rpl_abc123def456'}
)

Authentication Errors

401 Unauthorized

Returned when authentication fails: 
{
  "error": "Invalid API key"
}
Common causes:
  • Missing Authorization header
  • Incorrect or malformed API key
  • Revoked API key

403 Forbidden

Returned when the key is valid but lacks permission: 
{
  "error": "Insufficient permissions"
}
Common causes:
  • Trying to access another workspace’s data
  • API key restrictions (if configured)

Managing API Keys

Viewing Keys

Go to Settings → API Keys to see all keys:
  • Key name
  • Key prefix (first few characters)
  • Created date
  • Last used date

Revoking Keys

To revoke a key:
  1. Find the key in Settings → API Keys
  2. Click Revoke
  3. Confirm the action
Revoking a key immediately invalidates it. Any integrations using that key will stop working.

Security Best Practices

Use Environment Variables

Never hardcode API keys in your source code. Use environment variables instead.

Rotate Keys Regularly

Create new keys periodically and revoke old ones, especially after team changes.

One Key Per Integration

Use separate keys for different integrations so you can revoke individually.

Monitor Usage

Check “Last Used” dates to identify unused keys that can be safely revoked.

Storing Keys Securely

Do:
  • Store in environment variables
  • Use secrets management (AWS Secrets Manager, HashiCorp Vault, etc.)
  • Encrypt at rest if storing in a database
Don’t:
  • Commit to version control
  • Share in plain text (email, Slack, etc.)
  • Expose in client-side code
  • Log in application logs

Example: Environment Variables

.env
REPLYIFY_API_KEY=rpl_abc123def456
Node.js
const apiKey = process.env.REPLYIFY_API_KEY;

const response = await fetch('https://app.replyify.ai/api/replies', {
  headers: {
    'Authorization': `Bearer ${apiKey}`,
    'Content-Type': 'application/json'
  }
});
Python
import os
import requests

api_key = os.environ.get('REPLYIFY_API_KEY')

response = requests.get(
    'https://app.replyify.ai/api/replies',
    headers={'Authorization': f'Bearer {api_key}'}
)