API docs

API authentication

Use bearer API keys to authenticate requests to the external AskAnyDocs team API.

Last updated: 2026-03-21

AskAnyDocs uses API keys for the external team API.

How authentication works

The external API expects a bearer token in the Authorization header:

Authorization: Bearer YOUR_API_TOKEN

If the header is missing, empty, or invalid, the API returns:

{
  "message": "Unauthorized"
}

with HTTP status 401.

Generate a key

Create the token in the AskAnyDocs dashboard under the API keys section.

The token belongs to the current team. All external API responses are scoped to that team.

Example request

curl -X GET "https://app.askanydocs.com/api/external/bots" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Accept: application/json"

Team scoping

The bearer token is resolved to an active API token record. Once validated, the API only returns bots, conversations, and messages for that token's team.

Security recommendations

  • treat the token as a secret
  • keep separate keys for production and development
  • rotate keys if they are exposed
  • do not embed team API keys into browser code

Scope

This page covers only the external API under /api/external.

Previous

API overview
Next

External bots, conversations, and messages API

Related articles

API overview

Start here to understand the external AskAnyDocs API surface before using specific endpoints.

External bots, conversations, and messages API

Use the external team API to list bots and retrieve conversation or message history for a team.

Knowledge sources API

Learn what the external API exposes today and why knowledge-source management is not part of the public API reference yet.