Skip to main content
You will mint a server-side API key, verify it with GET /me, and list a resource. No SDK required.
1

Create an API key

In the dashboard, open Settings → API keys → New key. Name the key after the integration that will use it (e.g. crm-sync-prod). Copy the aw_live_… value the moment it appears.
The full secret is shown exactly once. If you lose it, revoke the key and create a new one. Treat API keys as server-side credentials — never embed them in browser code, mobile binaries, or version control.
2

Authenticate

Every request carries the key in the Authorization header as Bearer aw_live_…. The base URL for v1 is https://api.awardee.dev/v1.
curl https://api.awardee.dev/v1/me \
  -H "Authorization: Bearer aw_live_4f8a3c7e2d1b9a5c6f8e3d2c1b4a9f7e"
A 200 response confirms the key is wired up. The body identifies the org and the key:
{
  "org": {
    "id": "8f3a9d2e-1b4c-4f5d-9e8a-7c3b2a1d0f9e",
    "name": "Acme Inc"
  },
  "api_key": {
    "id": "2c1b4a9f-7e8d-4a3c-9b1f-6e5d4c3b2a1f",
    "name": "crm-sync-prod"
  }
}
A 401 with missing_api_key means the Bearer prefix is missing. A 401 with invalid_api_key means the key isn’t recognized — usually a typo or a key from a different environment.
3

List a resource

With auth working, list the chatbots in the org. Default page size is 25.
curl https://api.awardee.dev/v1/chatbots \
  -H "Authorization: Bearer aw_live_4f8a3c7e2d1b9a5c6f8e3d2c1b4a9f7e"
The response is a paginated list envelope:
{
  "object": "list",
  "total": 3,
  "page": 1,
  "page_size": 25,
  "data": [
    {
      "object": "chatbot",
      "id": "1b4c4f5d-9e8a-7c3b-2a1d-0f9e8f3a9d2e",
      "name": "Support bot",
      "status": "active",
      "created_at": "2026-04-01T10:14:33Z"
    }
  ]
}
4

Read response headers

Every response carries a request id and rate-limit counters. Log the request id in your client — support will ask for it.
X-Request-Id: req_8fK2x9aLp0qR
X-RateLimit-Limit-Minute: 60
X-RateLimit-Remaining-Minute: 59
X-RateLimit-Reset-Minute: 1716461700
X-RateLimit-Limit-Hour: 1000
X-RateLimit-Remaining-Hour: 999
X-RateLimit-Reset-Hour: 1716465300

Next steps

Authentication

Key formats, rotation, and the auth error codes.

Pagination

Offset vs cursor pagination and how to walk every page.

Idempotency

Retry POSTs safely with Idempotency-Key.

Webhooks

Receive signed events for every resource that emits them.