Skip to main content

Get Your API Token

  1. Log in to your Inbox dashboard at inboxapp.com
  2. Navigate to Settings → API Keys
  3. Click Generate New Token
  4. Copy the token immediately — you won’t see it again
Store your API token securely. Never commit it to version control or share it publicly.

Using the Token

Include your token in the Authorization header of every request: 
Authorization: Bearer YOUR_API_TOKEN

Environment Variable Setup

# Add to your shell profile or .env file
export INBOX_API_TOKEN="your_token_here"

Making Requests

import axios from 'axios';

const client = axios.create({
  baseURL: 'https://inboxapp.com/api/v1',
  headers: {
    'Authorization': `Bearer ${process.env.INBOX_API_TOKEN}`,
    'Content-Type': 'application/json'
  }
});

const { data: team } = await client.get('/team');
console.log('Connected to:', team.name);
Expected response: 
{
  "id": "team_abc123",
  "name": "Acme Corp",
  "createdAt": "2024-01-15T10:30:00.000Z",
  "plan": "enterprise"
}

Common Errors

401 Unauthorized

Token is missing, invalid, or expired. 
{
  "error": "Unauthorized",
  "message": "Invalid or missing authentication token"
}
Fix:
  • Check for typos or extra whitespace in your token
  • Verify the Authorization header format: Bearer YOUR_TOKEN
  • Generate a new token if yours has been revoked

403 Forbidden

Token is valid but lacks permission. 
{
  "error": "Forbidden",
  "message": "Insufficient permissions"
}
Fix:
  • Verify the resource belongs to your team
  • Check if your plan includes the requested feature

Security Best Practices

Use Environment Variables

Never hardcode tokens. Load from environment variables or a secrets manager.

Rotate Regularly

Generate new tokens periodically. Revoke old ones in your dashboard.

Server-Side Only

Never expose tokens in client-side code, mobile apps, or public repositories.

Monitor Usage

Review API logs in your dashboard to detect unusual activity.

Next Steps

Quickstart

Send your first message

Core Concepts

Understand the data model

Error Codes

All error types and recovery

Rate Limits

API limits and backoff