Authentication
Learn how to gain API access.
Prerequisites
Before you begin using the OpenPhone API, ensure you have:
An active OpenPhone subscription
Need an account? Follow our account creation guide.
Admin access
Owner or admin privileges in your OpenPhone workspace.
US Messaging Registration Required: To send text messages to US numbers via the API, you must complete US Carrier Registration. Learn more here.
API key generation
The OpenPhone API uses API keys for secure authentication. Follow these steps to get started:
Log in to OpenPhone
Access API Settings
Navigate to the “API” tab under workspace settings. Remember, you need workspace owner or admin privileges to access this tab.
Generate your key
Click “Generate API key” and provide a descriptive label. Each key provides full API access.
Label your keys based on their intended use (e.g., “Production Environment” or “Testing Integration”)
Implement authentication
Include your API key in the Authorization header of each request: Authorization: YOUR_API_KEY
Security guidelines
Your API key carries the same privileges as your OpenPhone account. Treat it with the same level of security as your password.
Best practices
- Keep your API keys confidential
- Don’t share your API keys in publicly accessible areas such as GitHub or client-side code
- Regularly rotate your API keys to enhance security
- If a key is compromised, revoke it immediately and generate a new one
Revoking access
If a key is compromised or no longer needed:
- Navigate to the “API” tab in Workspace Settings
- Locate the specific key
- Click the ellipsis (three dots) icon and select ‘delete’ to immediately revoke access
- Generate a new key if needed
Deleting an API key only affects the integrations using that specific key. Other keys and integrations will continue to function normally.
Was this page helpful?