Authentication - DailyBot Developers

Learn how to authenticate with the DailyBot API using API keys, required headers, and exchange tokens.

Authentication

All DailyBot API requests require authentication via an API key passed in the request headers. This page covers the required headers, authentication methods, and security best practices.

API Key Authentication

DailyBot uses header-based authentication. Include your API key in the X-API-KEY header with every request.

Required Headers

Name Type Required Description
X-API-KEY string Required Your unique API key obtained from the DailyBot dashboard.
Content-Type string Required Must be set to application/json.
Accept string Required Must be set to application/json.
Authenticated request 
curl -X GET "https://api.dailybot.com/v1/me/" \
  -H "X-API-KEY: your_api_key" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json"
Response 200 OK
json 
{
  "id": "usr_abc123",
  "email": "you@company.com",
  "first_name": "Jane",
  "last_name": "Doe",
  "role": "admin"
}
Response 401 Unauthorized — Missing or invalid API key
json 
{
  "detail": "Authentication credentials were not provided."
}

Info

An API key carries the context of both the organization and the key owner. All API calls are scoped to the organization the key belongs to, and permission checks reflect the key owner's access levels.

Base URL & Versioning

All API endpoints use the following base URL:

text 
https://api.dailybot.com/v1/

The API is versioned via the URL path. The current and only version is v1. It is recommended that you configure your HTTP client with the full base prefix including the version to ensure forward compatibility.

Exchange Token

The Exchange Token mechanism allows you to make API calls on behalf of other organization members. This is useful for scenarios like:

  • Giving kudos to team members programmatically
  • Filling in check-in responses for other users
  • Performing actions in the context of a different user

Obtaining Exchange Tokens

There are two ways to obtain an exchange token:

1. Via ChatOps & Custom Commands

When a user triggers a custom command in chat, the command receives an exchange token that can be used to make API calls in that user's context.

2. Via Dedicated API Endpoint

You can request an exchange token for a specific user through a dedicated endpoint, provided your API key has the necessary permissions.

Feature Disabled by Default

Exchange Token authentication is disabled by default. If you need to use exchange tokens, please contact our support team with details on your use case.

Rate Limits

The DailyBot API enforces rate limits to ensure fair usage. If you exceed the limit, you will receive a 429 Too Many Requests response.

Response 429 Too Many Requests
json 
{
  "detail": "Request was throttled. Expected available in 30 seconds."
}

Tip

Enterprise plans include higher rate limits. Contact sales for details on rate limit tiers.

Security Best Practices

  • Never commit API keys to version control or expose them in client-side code
  • Use environment variables or a secrets manager to store credentials
  • Rotate keys regularly and immediately revoke any compromised keys
  • Revoke unused keys from the Integrations dashboard
  • Use HTTPS only — all API requests must use TLS encryption
  • Monitor API usage through the dashboard for unexpected activity