Authentication

All API requests require authentication using a Bearer token

Getting Your API Token

You can generate API tokens from your dashboard settings. Each token has specific permissions and can be revoked at any time.

Authentication Header Example

Include these headers in all your API requests

Authorization: Bearer YOUR_API_TOKEN
Content-Type: application/json

Example Request

Here's how to make an authenticated request to get your contacts

JavaScript/Node.js

const response = await fetch('https://innotes.com/api/contacts', {
  headers: {
    'Authorization': 'Bearer YOUR_API_TOKEN',
    'Content-Type': 'application/json'
  }
});

if (response.ok) {
  const contacts = await response.json();
  console.log(contacts);
} else {
  console.error('Request failed:', response.status);
}

Python

import requests

headers = {
    'Authorization': 'Bearer YOUR_API_TOKEN',
    'Content-Type': 'application/json'
}

response = requests.get('https://innotes.com/api/contacts', headers=headers)

if response.status_code == 200:
    contacts = response.json()
    print(contacts)
else:
    print(f'Request failed: {response.status_code}')

cURL

curl -X GET "https://innotes.com/api/contacts" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"

Security Best Practices

Keep your API tokens secure

Never expose tokens in client-side code

API tokens should only be used in server-side code or secure environments.

Use environment variables

Store your API tokens in environment variables, not in your source code.

Rotate tokens regularly

Generate new tokens periodically and revoke old ones.

Use HTTPS only

Always make API requests over HTTPS to protect your tokens in transit.