Documentation
Authentication
Creating a token
- Open Admin → Agents in the dashboard.
- Click Add agent and select the
CHATBOTrole. - Copy the token from the confirmation dialog — it is displayed only once.
- To rotate a token later, open the agent's ⋮ menu and choose Regenerate token.
Tokens are shown once
The plain-text token is never stored. BXLivechat keeps only the SHA-256 hash. If you lose the token you must regenerate it.
Using a token
Include the token in every request as a Bearer header:
Authorization header
Authorization: Bearer bxl_pat_aB7XyZ...Token properties
| Parameter | Type | Description |
|---|---|---|
Format | string | Prefixed with bxl_pat_ followed by 32 random characters. |
Storage | hash | Only the SHA-256 hash is persisted. The plain-text token cannot be retrieved. |
Scope | organisation | Each token is bound to a single organisation. It can only access that organisation’s data. |
Revocation | instant | Deleting or regenerating the token invalidates it immediately. |
Tracking | audit | Every API call made with the token is logged with the agent ID and timestamp. |
Error response
If the token is missing or invalid the API returns:
401 Unauthorized
{
"error": "Invalid or missing bot token",
"code": "UNAUTHORIZED"
}