Skip to main content

Authentication

All API requests require authentication using an API key.

Getting Your API Key

  1. Log in to livchat.ai/dashboard
  2. Navigate to Settings > API Keys
  3. Click Create API Key
  4. Copy your key immediately (it won’t be shown again)
Store your API key securely. Never expose it in client-side code or public repositories.

Using Your API Key

Include your API key in the Authorization header: 
curl https://api.livchat.ai/v1/session/status \
  -H "Authorization: Bearer lc_live_YOUR_API_KEY"

API Key Types

PrefixEnvironmentUsage
lc_live_ProductionLive WhatsApp messages
lc_test_TestTesting and development

Scopes

API keys have scopes that limit what they can access:
ScopeAccess
whatsapp:*Full access to all WhatsApp endpoints
whatsapp:messagesSend and manage messages
whatsapp:contactsAccess contact information
whatsapp:sessionManage WhatsApp session
whatsapp:groupsManage groups
whatsapp:webhookConfigure webhooks

Error Responses

401 Unauthorized

{
  "error": {
    "code": 401,
    "message": "Invalid API key"
  }
}
Causes:
  • Missing Authorization header
  • Invalid or expired API key
  • Malformed key format

403 Forbidden

{
  "error": {
    "code": 403,
    "message": "API key does not have required scope: whatsapp:messages"
  }
}
Causes:
  • API key doesn’t have permission for the requested endpoint
  • Request a new key with the required scopes

Best Practices

Store API keys in environment variables, not in code:
export LIVCHAT_API_KEY="lc_live_..."
Create new API keys and revoke old ones regularly for security.
Only request the scopes your application needs.
Check the dashboard for API key usage and suspicious activity.

Rate Limits

API requests are rate limited to ensure fair usage:
PlanRequests/minuteRequests/day
Free601,000
Pro30010,000
EnterpriseCustomCustom
When rate limited, you’ll receive: 
{
  "error": {
    "code": 429,
    "message": "Rate limit exceeded",
    "retryAfter": 60
  }
}