
Overview

TelemanAI uses the following authentication methods, depending on the endpoint:
  1. Laravel Sanctum - Token-based authentication for standard API endpoints
  2. WordPress Integration Token - Custom token authentication for WordPress-integrated endpoints
  3. SaaS Key - Environment-based authentication for subscription management endpoints

Authentication Methods

Laravel Sanctum Authentication

Sanctum provides token-based authentication for standard API endpoints.

Obtaining a Token

Tokens are typically obtained through the Laravel application’s authentication flow. Once authenticated, you’ll receive a bearer token.

Using the Token

curl -X GET "https://your-domain.com/api/user" \
  -H "Authorization: Bearer YOUR_SANCTUM_TOKEN" \
  -H "Accept: application/json"

WordPress Integration Token

WordPress-integrated endpoints use a custom user_token authentication method.

Middleware

Endpoints protected by the wordpress middleware require a valid user_token parameter.

How It Works

The user_token is validated against the third_parties table:
  • Token is looked up in the ThirdParty model
  • If valid, the associated user is returned
  • If invalid, returns 401 Unauthorized

Using the WordPress Token

curl -X GET "https://your-domain.com/api/user-campaign-list?user_token=YOUR_USER_TOKEN" \
  -H "Accept: application/json"

SaaS Key Authentication

Subscription and expiry endpoints use the check.expiry middleware, which validates a saas_key parameter.

Middleware

The check.expiry middleware validates the saas_key against the environment variable SAAS_KEY.

Using the SaaS Key

curl -X POST "https://your-domain.com/api/check-expiry" \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{
    "saas_key": "YOUR_SAAS_KEY",
    "domain": "customer-domain.com"
  }'
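
The following is an added example, not TelemanAI's middleware code: a plain-PHP version of comparing a presented saas_key with the configured SAAS_KEY that fails closed when either side is empty or not a string, and uses hash_equals() for the comparison. The function names, the placeholder key and the sample request bodies are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not TelemanAI source. Function names are hypothetical.

/** True only when a non-empty string key matches a non-empty configured key. */
function saasKeyMatches(mixed $presented, mixed $configured): bool
{
    // Fail closed: an unset or empty SAAS_KEY must never authenticate anyone.
    // getenv() returns false when the variable is missing.
    if (!is_string($configured) || $configured === '') {
        return false;
    }
    // A JSON body can carry null, numbers or arrays; accept only non-empty strings.
    if (!is_string($presented) || $presented === '') {
        return false;
    }
    // hash_equals() avoids the early-exit timing behaviour of == and ===.
    return hash_equals($configured, $presented);
}

/** Returns the 401 response for a rejected request, or null to let it proceed. */
function rejectIfUnauthorized(string $rawJsonBody, mixed $configured): ?array
{
    $body = json_decode($rawJsonBody, true);
    $key = is_array($body) ? ($body['saas_key'] ?? null) : null;

    return saasKeyMatches($key, $configured)
        ? null
        : ['status' => 401, 'body' => ['error' => 'Unauthorized']];
}

// Constructed sample requests; the key is a placeholder, not a real value.
$key = 'example-saas-key-placeholder';
$cases = [
    'correct key'                 => ['{"saas_key":"' . $key . '","domain":"customer-domain.com"}', $key],
    'wrong key'                   => ['{"saas_key":"guess","domain":"customer-domain.com"}', $key],
    'key sent as a number'        => ['{"saas_key":0,"domain":"customer-domain.com"}', $key],
    'SAAS_KEY unset, key omitted' => ['{"domain":"customer-domain.com"}', false],
    'SAAS_KEY empty, key empty'   => ['{"saas_key":"","domain":"customer-domain.com"}', ''],
];

foreach ($cases as $label => [$rawBody, $configured]) {
    $rejection = rejectIfUnauthorized($rawBody, $configured);
    echo str_pad($label, 30), $rejection === null ? 'allowed' : json_encode($rejection), PHP_EOL;
}
```

The script needs PHP 8.0 or later and no framework; only the first sample request is allowed through.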

Error Responses

Unauthorized (401)

Returned when authentication fails:
{
  "error": "Unauthorized"
}

Security Best Practices

Never expose your API tokens, user tokens, or SaaS keys in client-side code or public repositories.
  • Store tokens securely in environment variables
  • Use HTTPS for all API requests
  • Rotate tokens periodically
  • Implement token expiration policies
  • Monitor for suspicious API activity

Next Steps

Campaign API

Learn how to manage campaigns via API

Subscription API

Check subscription status and usage limits
