Iqra AIIqra AI
Introduction
Platform Management
Build & Deploy
Integrations
Developers
API Reference

API Keys

Generating and managing secure access tokens for programmatic control.

View as Markdown

Iqra AI provides a full REST API, allowing you to manage your businesses, trigger calls, and retrieve conversation history programmatically. API Keys are the credentials used to authenticate these requests.

Permission Scopes

To ensure security, Iqra AI allows granular control over what an API key can do. Access is defined by two dimensions: Business Scope (Where it can act) and User Management (What it can change).

1. Business Scope

Determines which workspaces the key can access.

ScopeDescriptionBest For
UnrestrictedGrants access to all businesses owned by your user account.Global reporting scripts.
RestrictedLimits access to specific Business Workspaces only.Production apps, client-side integrations, or team members.

2. User Management Scope

Determines if the key can access sensitive account-level data (Billing, Whitelabeling, User Profile).

  • Allow User Management Requests: (Default: Disabled)
    • Enabled: The key can access /api/v1/user endpoints.

Security Best Practice

Least Privilege Principle: Always keep User Management Disabled unless you are specifically building a dashboard to manage billing or whitelabeling.

For running agents or making calls, use a Restricted Business Key with No User Management access.

Managing API Keys

You can generate and revoke keys in the API Keys Tab of the User Dashboard.

Create New Key

Click the "Add API Key" button.

Configure Permissions

  1. Name: Give it a descriptive name (e.g., "Zapier Integration - Dental Clinic").
  2. Business Scope: Choose "Unrestricted" or select specific Businesses.
  3. User Management: Toggle User Management Access only if necessary.

Copy Key

Important: The key is only shown once upon creation. Copy it immediately and store it securely (e.g., in your .env file). If you lose it, you will have to generate a new one.

Using the API

All API requests must be authenticated via the HTTP Header.

Endpoint & Reference

The base URL for the API is:

https://app.iqra.bot/api/v1

API Reference

Want to see all available endpoints? Visit the interactive Developer API Reference to test requests directly in your browser.

Authentication Header

Pass your key in the Authorization header using the Token prefix.

Example: Get User Profile
curl -X GET https://app.iqra.bot/api/v1/user \
  -H "Authorization: Token iqra_sk_12345abcdef" \
  -H "Content-Type: application/json"

Keep it Secret

Never expose your API Key in client-side code (browsers, mobile apps). Always make API requests from your backend server or use our Middleware.

On this page

Permission Scopes1. Business Scope2. User Management ScopeManaging API KeysCreate New KeyConfigure PermissionsCopy KeyUsing the APIEndpoint & ReferenceAuthentication Header