All global platform API require an authorization token to work. The authorization token, once obtained, contains all of the information required for subsequent calls to be completed.

The <SERVICE ENDPOINT> value mentioned in all API calls refers to the route assigned to your bot. Make sure to retrieve the correct route of your bot that you can find under the Settings > Developers section of your bot details.

If you are generating an authorization token for a channel service (e.g. Custom Channel), the token must be requested from the service endpoint and not from the general API route one.

Account wide Token Request

Using your account API Key, that can be found under your Profile section in your account details, you can require an Authorization token using the following request:

curl --location --request POST '<SERVICE ENDPOINT>/authorization/integration' \
--header 'Content-Type: application/json' \
--data-raw '{
	"AccountAPIKey":"<Account API Key>"

An authorization token grants access to all of the API methods for about 60 minutes. When the authorization token expires, a new authorization token must be requested by repeating the very same request.

Bot Level Token Request

Some API endpoints, such as Xenioo Database API Interface will require a token related to a very specific chatbot. To create such token the authorization request must contain the bot API Token and Secret like in the example below:

curl --location --request POST '<SERVICE ENDPOINT>/authorization/integration' \
--header 'Content-Type: application/json' \
--data-raw '{
	"AccountAPIKey":"<Account API Key>",
	"BotAPIKey":"<Your bot API Key>",
	"BotAPISecret":"<Your bot API Secret>"

You can find both bot API Key and bot API Secrets under the Developers section of the settings top menu of your bot details.


If the request is successful, Xenioo will reply with an authorization token that may look like this:

    "token": "dmO/lbiq5FN+oyrAF3BLhdo[...]",
    "expires": 60

The expire information indicates for how many minutes the token is valid.

Response Codes

This endpoint will reply with the following standard HTTP codes.




Ok. The request has been successfully fulfilled.


Bad Request. The call does not contain the data required to be fulfilled.


Not Found. The specified account API key has not been found


Unauthorized. The specified account API key is related to a free account or an account that cannot integrate with Global Platform API.

Last updated