The G-Tateth API supports two authentication methods: API keys (recommended for server-to-server) and JWT tokens (for user-authenticated requests).

API Key Authentication

API keys are the recommended method for server-to-server communication. They provide secure, long-lived access to the API.

Creating an API Key

  1. Log in to your G-Tateth account
  2. Navigate to Settings → Developer Console
  3. Click “Create API Key”
  4. Choose your environment (Production or Staging)
  5. Select permissions for the key
  6. Copy your API key (it’s only shown once!)

Using Your API Key

Include your API key in the Authorization header:
curl -H "Authorization: Bearer sk_live_your_api_key_here" \
  https://api.g-tateth.com/api/v1/conversations
Or use the X-API-Key header:
curl -H "X-API-Key: sk_live_your_api_key_here" \
  https://api.g-tateth.com/api/v1/conversations

API Key Types

  • Production keys (sk_live_...) - Use in production environments
  • Test keys (sk_test_...) - Use for development and testing
Test keys are automatically blocked in production environments for safety.

API Key Permissions

When creating an API key, you can specify which permissions it has:
  • read:conversations - Read conversations
  • write:conversations - Create/update/delete conversations
  • read:customers - Read customers
  • write:customers - Create/update/delete customers
  • read:webhooks - Read webhooks
  • write:webhooks - Create/update/delete webhooks
  • read:analytics - Read analytics data
See the API Keys reference for more details.

JWT Authentication

JWT tokens can be used for user-authenticated requests. Obtain a JWT token through the authentication endpoints.
curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  https://api.g-tateth.com/api/v1/conversations

Security Best Practices

  1. Never commit API keys to version control - Use environment variables
  2. Rotate keys regularly - Set up automatic rotation if possible
  3. Use test keys for development - Keep production keys secure
  4. Limit permissions - Only grant the minimum permissions needed
  5. Use IP whitelisting - Restrict API key access to specific IPs
  6. Monitor usage - Regularly check API key usage logs

Error Responses

If authentication fails, you’ll receive a 401 Unauthorized response:
{
  "success": false,
  "error": "Invalid or expired API key",
  "code": "API_KEY_INVALID"
}
Common error codes:
  • API_KEY_INVALID - Invalid API key
  • API_KEY_EXPIRED - API key has expired
  • API_KEY_INACTIVE - API key is inactive
  • TENANT_SUSPENDED - Tenant account is suspended
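
The best practices and error codes above can be enforced on the client side. The following is an added example, not G-Tateth's own code: it loads the key from an environment variable, refuses a key whose type prefix does not match the deployment, and maps a 401 body to an action without logging the secret. The variable name GTATETH_API_KEY, the helper names and the action chosen for each error code are assumptions.

```python
import json
import os

# Error codes are the ones listed on this page; the action per code is an assumption.
ACTIONS = {
    "API_KEY_INVALID": "fix the configured key; do not retry",
    "API_KEY_EXPIRED": "rotate the key, then retry once",
    "API_KEY_INACTIVE": "reactivate or replace the key; do not retry",
    "TENANT_SUSPENDED": "stop all requests for this tenant",
}
FALLBACK = "treat as an authentication failure; do not retry"


def redact(key):
    """Keep only the 8-character type prefix so logs never contain the secret."""
    return key[:8] + "***" if key.startswith(("sk_live_", "sk_test_")) else "***"


def load_api_key(production, env=None, var="GTATETH_API_KEY"):
    """Read the key from an environment variable (hypothetical name) and refuse
    a key whose type does not match the deployment."""
    env = os.environ if env is None else env
    key = env.get(var, "").strip()
    expected = "sk_live_" if production else "sk_test_"
    if not key:
        raise RuntimeError(f"{var} is not set")
    if not key.startswith(expected) or len(key) == len(expected):
        raise RuntimeError(f"expected a {expected}... key, got {redact(key)}")
    return key


def auth_headers(key):
    """Authorization header form shown on this page."""
    return {"Authorization": f"Bearer {key}"}


def classify_401(body):
    """Map a 401 response body to (code, action) without echoing the body."""
    try:
        data = json.loads(body)
    except ValueError:
        return "UNKNOWN", FALLBACK
    code = data.get("code") if isinstance(data, dict) else None
    if isinstance(code, str) and code in ACTIONS:
        return code, ACTIONS[code]
    return "UNKNOWN", FALLBACK
```

Calling load_api_key at process start makes a misconfigured deployment fail before any request is sent, and the error message carries only the key's type prefix.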