Skip to main content

Authentication

The GB Chat API uses API keys to authenticate requests. You can manage your API keys from the Dashboard.

API Key Format

API keys follow this format:

gbk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  • gbk_live_ - Fixed prefix identifying GB Chat live API keys
  • Followed by 64 hexadecimal characters

Using Your API Key

Include your API key in the X-API-Key header with every request:

curl -X POST https://inboxapi.workmatic.in/api/v1/message/send \
  -H "X-API-Key: gbk_live_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"to": "919876543210", "template": "hello_world", "language": "en"}'

Security Best Practices

Keep Your Key Secret

  • Never expose your API key in client-side code (JavaScript, mobile apps)
  • Don't commit API keys to version control
  • Use environment variables to store keys
# .env file
GBCHAT_API_KEY=gbk_live_your_api_key_here
// Node.js example
const apiKey = process.env.GBCHAT_API_KEY;

IP Whitelisting

For additional security, you can restrict API access to specific IP addresses:

  1. Go to Settings > Public API in your dashboard
  2. Add your server's IP addresses to the whitelist
  3. Only requests from whitelisted IPs will be accepted
tip

Leave the IP whitelist empty to allow requests from any IP address.

Rotate Keys Regularly

If you suspect your API key has been compromised:

  1. Go to Settings > Public API
  2. Click Regenerate to create a new key
  3. Update your application with the new key
  4. The old key is immediately invalidated

Generating a New API Key

  1. Log in to your Dashboard
  2. Navigate to Settings > Public API
  3. Click Generate API Key (or Regenerate if you already have one)
  4. Copy the key immediately - it won't be shown again

Revoking API Access

To completely disable API access:

  1. Go to Settings > Public API
  2. Click Revoke to delete your API key
  3. All API requests will be rejected until you generate a new key

Error Responses

Missing API Key

{
  "success": false,
  "error": {
    "code": "INVALID_API_KEY",
    "message": "API key is required. Provide it in the X-API-Key header."
  }
}

Invalid API Key

{
  "success": false,
  "error": {
    "code": "INVALID_API_KEY",
    "message": "Invalid API key."
  }
}

API Disabled

{
  "success": false,
  "error": {
    "code": "API_DISABLED",
    "message": "API access is disabled for this account."
  }
}

IP Not Allowed

{
  "success": false,
  "error": {
    "code": "IP_NOT_ALLOWED",
    "message": "Request from this IP address is not allowed."
  }
}