Security considerations
Agent, customer, server and API calls must be authenticated with either a token or a token and a full signature, depending on your implementation to ensure that you are connected to an authorized user or server.
The Bold360 API only sends data to endpoints with proper SSL certificate configuration. To protect sensitive information, only HTTPS requests are accepted. The endpoint URL must be a fully qualified domain name (FQDN). IP addresses will not work.
Simple Authentication (Token Only)
[Account ID]:[API Setting ID]:[Timestamp]:[Hashed authentication code]
The authorization parameter should be passed in the
auth parameter.
- Account ID: Your Bold360 account ID
- API Settings ID: Generated when you create the API key
- API key: The
auto-generated API key for a specific API Settings ID.
Remember: Save this key when you create an API setting key. For security reasons, the key will be obfuscated once a new setting is created. See also Set up your account to work with the Bold360 API.
- Timestamp: The number of milliseconds since 1970-01-01 00:00:00 UTC (Unix epoch time)
- Hashed authentication code: SHA-512 hex-encoded hash of [Account ID]:[API Setting ID]:[Timestamp][API Key]
When you use the interactive page, the hashed auth parameter is automatically created for you.
Sample URL
https://api.boldchat.com/aid/123/data/rest/json/v1/UpdateChat?ChatID=5&auth=123%3A456%3A1234567890000%3AF160D6870926C259E7D4FEB7D201965E172808FC264CF7FB6E7E0D82529D9A51059F29E8EE6C100DC5F6420A5ABE6B5E231E3BB30FC26340CC1AD345DAC59620
Parameter | Type | Required | Description |
---|---|---|---|
auth | string | yes | Authentication token |
Signed Authorization (Optional)
Signed authentication is performed using a hashless authentication token and a signed parameter.
Sample URL
https://api.boldchat.com/aid/123/data/rest/json/v1/UpdateChat?ChatID=5&auth=123%3A456%3A1234567890000&signed=signed%26auth%26ChatID&signature=FD846AE3587689E4EAC09F7F26B6D3E998548AC06107E00FBC9733F4077EB2319E2115538E815BEB7A08548A7F33C3DC158EB56273CC2C3D9BB474DD0AAA2689
Parameter | Type | Required | Description |
---|---|---|---|
auth | string | yes | Authentication token |
signed | string | yes | URL-encoded, ampersand-separated list of signed parameters |
signature | string | yes | SHA-512 hex-encoded hash of the signed data |
unsigned | string | no | When present, parameters not included in either the signed or unsigned parameters are ignored |