Skip to main content

Welcome to Inbox Enterprise API

The Inbox Enterprise API provides programmatic access to manage conversations, prospects, and team workflows across messaging platforms. Currently supporting X (Twitter) DMs, with upcoming support for Instagram, LinkedIn, TikTok, and WhatsApp.

Authentication

All API requests require authentication using a Bearer token. Include your API token in the Authorization header of every request.

Obtaining Your API Token

  1. Log in to your Inbox dashboard at inboxapp.com
  2. Navigate to Settings → API Keys
  3. Generate a new API token
  4. Store it securely - you’ll only see it once
Never commit your API token to version control or share it publicly. Treat it like a password.

Making Your First Request

Test your authentication by fetching your team information: 
const response = await fetch('https://inboxapp.com/api/v1/team', {
  headers: {
    'Authorization': 'Bearer YOUR_API_TOKEN',
    'Content-Type': 'application/json'
  }
});

const team = await response.json();
console.log(team);

Expected Response

{
  "id": "team_abc123",
  "name": "Acme Corp",
  "createdAt": "2024-01-15T10:30:00.000Z",
  "plan": "enterprise"
}

Common Authentication Errors

401 Unauthorized

Your token is missing, invalid, or expired. 
{
  "error": "Unauthorized",
  "message": "Invalid or missing authentication token"
}
Solutions:
  • Verify your token is correctly copied (no extra spaces)
  • Check the Authorization header format: Bearer YOUR_TOKEN
  • Generate a new token if yours has expired

403 Forbidden

Your token is valid but lacks permission for the requested resource. 
{
  "error": "Forbidden",
  "message": "Insufficient permissions"
}
Solutions:
  • Verify your account has the necessary permissions
  • Check if your team plan supports this feature

Setting Up a Client

For production applications, create a reusable API client: 
import axios, { AxiosInstance } from 'axios';

class InboxClient {
  private client: AxiosInstance;

  constructor(apiToken: string) {
    this.client = axios.create({
      baseURL: 'https://inboxapp.com/api/v1',
      headers: {
        'Authorization': `Bearer ${apiToken}`,
        'Content-Type': 'application/json'
      }
    });

    // Add error handling
    this.client.interceptors.response.use(
      response => response,
      error => {
        if (error.response?.status === 401) {
          console.error('Authentication failed. Check your API token.');
        }
        return Promise.reject(error);
      }
    );
  }

  async getTeam() {
    const { data } = await this.client.get('/team');
    return data;
  }

  // Add more methods as needed
}

export default InboxClient;

Using Your Client

const client = new InboxClient(process.env.INBOX_API_TOKEN);

try {
  const team = await client.getTeam();
  console.log('Connected to team:', team.name);
} catch (error) {
  console.error('Failed to authenticate:', error.message);
}

Security Best Practices

Use Environment Variables

Store your API token in environment variables, never in code:
INBOX_API_TOKEN=your_token_here

Rotate Tokens Regularly

Generate new tokens periodically and revoke old ones in your dashboard.

Use HTTPS Only

Always use HTTPS for API requests. The API automatically redirects HTTP to HTTPS.

Monitor Usage

Regularly review API logs in your dashboard to detect unauthorized access.

Next Steps

Quick Start

Send your first DM in 5 minutes

Core Concepts

Learn about threads, prospects, and the data model

API Reference

Explore all available endpoints

Managing Threads

Learn to work with conversations