Skip to main content
The Reply API uses Bearer token authentication. Every request must include an Authorization header with your Reply API key.

Get your API key

1

Sign in

Log in to your Reply.io dashboard.
2

Open API key settings

Navigate to Settings → API Key.
3

Create or copy a key

Create a new API key, or copy an existing one. Treat the key like a password.

Authenticate a request

Pass the key as a Bearer token in the Authorization header: 
GET /v3/whoami HTTP/1.1
Host: api.reply.io
Authorization: Bearer YOUR_API_KEY

curl

curl https://api.reply.io/v3/whoami \
  -H "Authorization: Bearer YOUR_API_KEY"

Verify your setup

Call /v3/whoami to confirm the credentials are valid. A successful response returns your user ID: 
{ "userId": 12345 }

Unauthorized response

If the Authorization header is missing, malformed, or contains a revoked or unknown token, the API returns 401 Unauthorized with an empty body. The response advertises the expected scheme in the WWW-Authenticate header: 
HTTP/1.1 401 Unauthorized
Content-Length: 0
WWW-Authenticate: Bearer
There is no JSON payload — clients should rely on the status code and header rather than parsing a response body.

Keeping your key safe

  • Never commit your API key to source control or paste it into public chats.
  • Rotate the key from Settings → API Key if you suspect it was exposed.
  • Use a separate key per integration so you can revoke one without disrupting the others.