Quickstart
Base Endpoint for all API calls
Right now, the API is only available on the https://api.worqhat.com
domain. This is the only
official domain that is applicable for all API Calls to the Application.
The WorqHat API is organized around REST. Our API has predictable resource-oriented URLs, accepts form-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs. The API key you use to authenticate the request determines whether the request you are sending as a user is based on which Organization as all our Billings are rerouted to the Organization you are using the API keys for.
The WorqHat API doesn't support bulk updates. You can work on only one object per request. The WorqHat API differs for every account as we release new versions and tailor functionality. These docs are customized to your version of the API.
If you're using a version of the API that is older than the latest version, you may see older endpoints and outdated response schemas. We recommend that you use the latest version of the API whenever possible. We release new versions of the API frequently, so you may need to update your API integration periodically. We also send out email notifications about new versions of the API. You can subscribe to these notifications in your WorqHat account settings.
Base URL for all API calls
https://api.worqhat.com/
Authentication
You can get your Organization's API Key and your API Key from the Workspace Admin Panel. You can find the API Tokens screen under the Workspace Settings or by visiting the Developers Portal. You can also find the API Tokens screenby visiting the following URL:
https://$workspace.worqhat.app/workspace/developers
$workspace is the name of your Workspace. You can find the name of your Workspace in the URL of your Workspace. For example, if your Workspace URL is https://myworkspace.worqhat.app, then your Workspace name is myworkspace.
In case you are not the Admin/Leader/Developer of the Workspace, you will not be able to access the API Tokens screen. In such a case, please contact your Workspace Admin/Leader/Developer to get the API Keys or request them to add you as a Developer to the Workspace.
You can copy the API Keys from the API Tokens screen and use them in your API Calls. You can also generate new API Keys from the API Tokens screen. You can also delete the API Keys from the API Tokens screen. Please note that deleting the API Keys will revoke access to the API for the respective API Keys.
Creating API Keys
In order to use the WorqHat API, you must first obtain an API key and the ORG Key. We offer a genenrous free tier that gets reset every month. You can also upgrade to a paid plan to get more API calls and more features.
This key serves as a unique identifier that allows you to access WorqHat's API services. To generate an API key, follow the steps below:
- Go to the WorqHat API website and click on the Get Started button.
- Join the WorqHat community by entering your email address and clicking on the Join Now button. You can also sign up using your Google or Microsoft account.
- Once you've signed up, you'll be redirected to the dashboard. Click on the Create a Workspace button on the left-hand side of the screen.
- Add a name for your workspace and click on the Create Workspace button. We use workspaces to organize your projects and keep them separate from each other. This allows you to manage your projects more efficiently.
- Once you've created a workspace, you'll be redirected to the Workspace Signin page. Sign in to your workspace using your email address and password that you have set up during the signup process.
- After signing in, you'll be redirected to the dashboard. Click on the Try Now button on the Build Your Own Applications with our API card.
- You'll be redirected to the API page. You can find your API key and ORG key on the right-hand side of the screen. Click on the Copy button to copy the keys to your clipboard.
- Also, make sure to add your Domain name to the Allowed Domains section. This will allow you to make API calls from your domain. For example, if you're making API calls from a website hosted on
https://example.com
, you'll need to addexample.com
to the Allowed Domains section.
Here's an example of what the API key & ORG key looks like:
curl --request POST \
--url https://api.worqhat.com/authentication \
--header 'Authorization: Bearer <token>'
If you're an Existing Customer but do not have access to the API Tokens screen, please contact our Support Assistance. You can visit https://help.worqhat.com or reach out to us at mailto:support@worqhat.com, and we will set you up with an Account.
In order to use WorqHat's API, you will need to authenticate every request. We rely onAuthorization Bearer <YOUR_API_KEY>
tokens to authenticate API requests.
curl
--location --request GET 'https://api.worqhat.com/$endpoint' \
Tokens are scoped to an admin's permission settings and your workspace. Only workspace admins can enable API Access for the members of the workspace. Once the access has been enabled, you can generate API tokens in your workspace.
Security is of utmost importance when working with API keys. Your API keys carry many privileges, so it's crucial to keep them secure. As part of our security measures, we require you to whitelist your Apps before you can use the API keys. However, once your Apps are whitelisted, you can use these API keys anywhere, including in your client-side code. We only serve valid requests from the endpoints listed in your App's whitelist. If you don't have any endpoints listed, requests to the API will fail.
:::warning
Please note that only code that sends a request from Client-Side requires authentication. If you are using our NodeSDKs or sending request from Server Code, it will not be restricted. In such scenarios you can add your API-Key to the .env
file.
:::
WORQHAT_API_KEY=<YOUR_API_KEY>
To ensure that your requests are authenticated and authorized to access our API, you must send the WORQHAT_API_KEY
with every request that you send. Additionally, you have the option to set a per-request key, which is often useful for Connect applications that use multiple API keys during the lifetime of a process. Methods on the returned object reuse the same API key.
Finally, it's important to note that all API requests must be made over HTTPS. Calls made over plain HTTP will fail, and API requests without authentication will also fail. By following these best practices, you can help keep your API requests secure and prevent unauthorized access to your data.