API Keys

Introduction

API keys are designed to accomplish two primary goals:

  1. Enable programmatic access to and use of the Kallo API
  2. Enable creation of limited-use access tokens that can be used in client applications

Unlike access tokens, API keys:

  • Do not expire
  • Provide full access to the account for which they were generated
  • Should never be used in a web, mobile, or desktop apps
⚠️ Important

Never include your API key in your software distributions, including web, mobile, and desktop apps. Use access tokens instead.

Obtaining an API Key

While we prepare to expose API key generation in our app, please shoot us an email at api@kallo.ai from the same email address that you use to log in to your Kallo account. When communicating about API keys, we will only accept emails from and send emails to your Kallo account email address.

Format

Unlike access tokens, API keys follow a specific format, which is a dot-concatenated combination of the constant string api-key and the API key string itself. The resulting string is then used as a Bearer token in the Authorization header for requests sent to any Kallo REST API.

For example, if your API key is 05n478Jd2jzedthfpB1p (actual API keys are much longer than this), your requests should include a header that looks like this:

Authorization: Bearer api-key.05n478Jd2jzedthfpB1p