All global platform API require an authorization token to work. The authorization token, once obtained, contains all of the information required for subsequent calls to be completed.

An authorization token can be requested using the following call:

Account wide Token Request

Using your account API Key, you can require an Authorization token using the following request:

curl --location --request POST 'https://<NODE>' \
--header 'Content-Type: application/json' \
--data-raw '{
	"AccountAPIKey":"<Account API Key>"

An authorization token grants access to all of the API methods for about 60 minutes. When the authorization token expires, a new authorization token must be requested by repeating the very same request.

Bot Level Token Request

Some API endpoints, such as Xenioo Database API Interface will require a token related to a very specific chatbot. To create such token the authorization request must contain the bot API Token and Secret like in the example below:

curl --location --request POST 'https://<NODE>' \
--header 'Content-Type: application/json' \
--data-raw '{
	"AccountAPIKey":"<Account API Key>",
	"BotAPIKey":"<Your bot API Key>",
	"BotAPISecret":"<Your bot API Secret>"


If the request is successful, Xenioo will reply with an authorization token that may look like this:

    "Token": "dmO/lbiq5FN+oyrAF3BLhdo[...]",
    "Expires": 60

The expire information indicates for how many minutes the token is valid.

Response Codes

This endpoint will reply with the following standard HTTP codes.




Ok. The request has been successfully fulfilled.


Bad Request. The call does not contain the data required to be fulfilled.


Not Found. The specified account API key has not been found


Unauthorized. The specified account API key is related to a free account or an account that cannot integrate with Global Platform API.

Last updated