Help Centre / Developer API & Webhooks
🛡️

API authentication guide

Use the generated endpoint and Bearer token safely for every external request.

Developer API & Webhooks6 min read

Required header

Every inbound request must include the Authorization header with the API token generated for that connection.

Header format

  1. Authorization: Bearer YOUR_API_TOKEN
  2. Content-Type: application/json
  3. Optional: X-BOS-Idempotency-Key for duplicate protection.

Security best practice

Keep one token for one external system. If a token is exposed, regenerate it from the connection page and update the external app.

Related help

Getting started with Kasaloma BOSSet up company profile and brandingAdd team users and choose rolesDeveloper API monitoring, cleanup and production healthAPI v1 compatibility lock and changelog

Need direct support?

Contact Kasaloma support if you cannot find the answer or your workspace needs checking.

Contact support