Authentication

Authentication for REST API and Cloutly Embed.

Use one of two authentication methods, depending on the integration type:

REST API authentication (x-api-key)

Authenticate all REST calls with your API key in request headers.

x-api-key: YOUR_API_KEY_HERE

The key is long-lived and remains valid until rotated from the console.

Cloutly Embed authentication (signed JWT)

For iframe embed sessions, your backend signs a short-lived JWT using your Cloutly embed signing key.

Required claims include:

  • externalUserEmail
  • externalBusinessId
  • businessDisplayName
  • firstName
  • lastName
  • role
  • smsLimits
  • iat
  • exp

JWTs should be issued server-side only and given a short expiry.
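A server-side sketch of minting such a token with the claims listed above, added here as an example and not taken from Cloutly's own code. The HS256 algorithm, the 300-second ceiling, the claim value formats and the helper names are assumptions; `check_embed_token` is a local self-check, not Cloutly's verifier.

```python
import base64, hashlib, hmac, json, time

# Claim names are from the page; iat and exp are added at mint time.
REQUIRED_CLAIMS = ("externalUserEmail", "externalBusinessId", "businessDisplayName",
                   "firstName", "lastName", "role", "smsLimits")
MAX_TTL_SECONDS = 300  # assumption: the page says "short-lived" without a number

# Constructed sample values; value formats are assumptions, not Cloutly's schema.
SAMPLE_CLAIMS = {
    "externalUserEmail": "alex@example.com", "externalBusinessId": "biz-0001",
    "businessDisplayName": "Example Bakery", "firstName": "Alex",
    "lastName": "Doe", "role": "PLACEHOLDER_ROLE", "smsLimits": "PLACEHOLDER",
}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key, signing_input):
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()

def mint_embed_token(signing_key, claims, ttl=120, now=None):
    """Build a compact JWT (HS256 assumed) that expires ttl seconds after iat."""
    missing = [c for c in REQUIRED_CLAIMS if c not in claims]
    if missing:
        raise ValueError(f"missing required claims: {missing}")
    if not 0 < ttl <= MAX_TTL_SECONDS:
        raise ValueError("ttl outside the short-lived window")
    iat = int(time.time()) if now is None else now
    # iat/exp are set last so caller-supplied values cannot extend the lifetime.
    parts = ({"alg": "HS256", "typ": "JWT"}, {**claims, "iat": iat, "exp": iat + ttl})
    signing_input = ".".join(
        _b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return f"{signing_input}.{_b64url(_sign(signing_key, signing_input))}"

def check_embed_token(signing_key, token, now=None):
    """Local self-check only: verify signature, then reject an expired token."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    expected = _sign(signing_key, f"{header_b64}.{payload_b64}")
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))
    if (int(time.time()) if now is None else now) >= payload["exp"]:
        raise ValueError("token expired")
    return payload

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; load the real key from a secret store
    print(check_embed_token(key, mint_embed_token(key, SAMPLE_CLAIMS)))
```

Keep the embed signing key on the backend only; the browser should receive the finished token and nothing else.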
