Authentication
All API requests require authentication using a Bearer token
Getting Your API Token
You can generate API tokens from your dashboard settings. Each token has specific permissions and can be revoked at any time.
Authentication Header Example
Include these headers in all your API requests
Authorization: Bearer YOUR_API_TOKEN
Content-Type: application/json
Example Request
Here's how to make an authenticated request to get your contacts
JavaScript/Node.js
const response = await fetch('https://innotes.com/api/contacts', {
headers: {
'Authorization': 'Bearer YOUR_API_TOKEN',
'Content-Type': 'application/json'
}
});
if (response.ok) {
const contacts = await response.json();
console.log(contacts);
} else {
console.error('Request failed:', response.status);
}
Python
import requests
headers = {
'Authorization': 'Bearer YOUR_API_TOKEN',
'Content-Type': 'application/json'
}
response = requests.get('https://innotes.com/api/contacts', headers=headers)
if response.status_code == 200:
contacts = response.json()
print(contacts)
else:
print(f'Request failed: {response.status_code}')
cURL
curl -X GET "https://innotes.com/api/contacts" \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json"
Security Best Practices
Keep your API tokens secure
Never expose tokens in client-side code
API tokens should only be used in server-side code or secure environments.
Use environment variables
Store your API tokens in environment variables, not in your source code.
Rotate tokens regularly
Generate new tokens periodically and revoke old ones.
Use HTTPS only
Always make API requests over HTTPS to protect your tokens in transit.