Authentication
Access to the Customer API is protected by a Client Token.
Every request must include a valid token in the Authorization header.
Requests without a token, or with an invalid or expired token, will be rejected with 401 – Unauthorized.
How to obtain a Client Token
If you do not have a token yet, please contact the Customer Success (CS) team responsible for your account.
Tokens are provided exclusively to authorized clients who are enabled to consume Customer API metrics.
Tokens are not automatically generated for all users.
They are issued only upon request to the CS team.
Token Revocation
If you need to revoke an existing token — for example, due to security concerns, team changes, integration updates, or discontinued access — the procedure must also be carried out through the Customer Success (CS) team.
Hand Talk does not provide a public endpoint for revocation. Therefore:
- The client must request revocation directly from their assigned CS representative;
- The current token will be revoked internally;
- A new token can be issued if continued API access is required;
- Revoked tokens become immediately invalid and will return 401 – Unauthorized when used.
Recommendation: always keep internal control over who has access to the token, and request revocation if there is a team change or any suspicion of leakage.
Using the Token in Requests
All authenticated requests must include the following header:
Authorization: Bearer {token}
Example:
curl -X GET "https://customer-api.handtalk.me/plugin/monthly-reports" \
  -H "Authorization: Bearer {token}" \
  -H "Content-Type: application/json"
It is important to include Bearer before the token, followed by a space.
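A script form of the request above, added here as an illustration and not taken from Hand Talk's documentation: it reads the token from an environment variable instead of the command line, validates it before building the header, and handles the 401 response. The variable name HANDTALK_TOKEN and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not Hand Talk's code). HANDTALK_TOKEN and the function names
# are assumptions; the URL and header format come from the page.
API_URL="https://customer-api.handtalk.me/plugin/monthly-reports"

# Build the Authorization header from a raw token, refusing values that
# would produce a malformed or injectable header.
auth_header() {
  token="${1#Bearer }"               # tolerate a token pasted with the scheme
  case "$token" in
    ""|"{token}") return 1 ;;        # unset, or the docs placeholder left in
    *[[:space:]]*|*[[:cntrl:]]*) return 1 ;;  # CR/LF would inject extra headers
  esac
  printf 'Authorization: Bearer %s' "$token"
}

# Translate an HTTP status into the action the page prescribes.
status_action() {
  case "$1" in
    2??) echo ok ;;
    401) echo contact-cs ;;          # missing, invalid, expired or revoked token
    *)   echo error ;;
  esac
}

# Fetch the monthly report into the file named by $1.
fetch_report() {
  header="$(auth_header "${HANDTALK_TOKEN:-}")" || {
    echo "HANDTALK_TOKEN is unset or malformed" >&2; return 2; }
  # -H @- reads the header from stdin (curl >= 7.55.0), so the token never
  # appears in the process list or in shell history.
  status="$(printf '%s\n' "$header" | curl -sS -H @- \
    -H "Content-Type: application/json" \
    -o "${1:-monthly-report.json}" -w '%{http_code}' "$API_URL")" || return 3
  case "$(status_action "$status")" in
    ok) return 0 ;;
    contact-cs)
      echo "401: token rejected; ask your CS representative for a new one" >&2
      return 1 ;;
    *) echo "unexpected HTTP status $status" >&2; return 3 ;;
  esac
}

# Only touch the network when a token has been provided in the environment.
if [ -n "${HANDTALK_TOKEN:-}" ]; then
  fetch_report "$@"
fi
```

Export HANDTALK_TOKEN from a secrets manager or a file with restricted permissions before running the script, so the token is never typed on a command line.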