Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.reply.io/llms.txt

Use this file to discover all available pages before exploring further.

The Reply API uses Bearer token authentication. Every request must include an Authorization header with your Reply API key.

Get your API key

1

Sign in

Log in to your Reply.io dashboard.
2

Open API key settings

Navigate to Settings → API Key.
3

Create or copy a key

Create a new API key, or copy an existing one. Treat the key like a password.

Authenticate a request

Pass the key as a Bearer token in the Authorization header: 
GET /v3/whoami HTTP/1.1
Host: api.reply.io
Authorization: Bearer YOUR_API_KEY

curl

curl https://api.reply.io/v3/whoami \
  -H "Authorization: Bearer YOUR_API_KEY"

Verify your setup

Call /v3/whoami to confirm the credentials are valid. A successful response returns your user ID: 
{ "userId": 12345 }

Unauthorized response

If the Authorization header is missing, malformed, or contains a revoked or unknown token, the API returns 401 Unauthorized with an empty body. The response advertises the expected scheme in the WWW-Authenticate header: 
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Bearer
There is no JSON payload — clients should rely on the status code and header rather than parsing a response body.

Master API key

The Master API key provides centralized, team-level access to the Reply API. Unlike a per-user key (which authenticates as the single user it belongs to), a master key can act on behalf of any user inside the workspace it was issued for — useful for team-wide automation, cross-user reporting, and bulk operations.

Availability

  • Workspace-scoped only. A master key authenticates calls within the single workspace it was generated in. Organization-level master keys — a single credential spanning every workspace in an organization — are coming soon.

Permissions and access control

  • The master key can be generated and viewed only by the workspace owner.
  • It must be generated manually the first time — there is no auto-issue on workspace creation.
  • The master key is unique per workspace.

Keeping your key safe

  • Never commit your API key to source control or paste it into public chats.
  • Rotate the key from Settings → API Key if you suspect it was exposed.
  • Use a separate key per integration so you can revoke one without disrupting the others.