How to authenticate your API requests and get secure access to all resources

Livestorm’s REST API provides 2 authentication methods: private API tokens and OAuth2. The API token authentication method is available to all validated Livestorm customers who want to build private apps, automate processes, and collect engagement data. The OAuth2 authentication method is only available for Technology Partners who want to build public integrations with Livestorm.

Authentication methods

1. API token

→ Check our dedicated page

2. OAuth2 authentication

→ Check our dedicated page

Security best practices

1. Don't use security tokens on client applications

Make sure that you never use your API token/access token publicly on a frontend page. Any tech-savvy user could check the console and network monitoring, retrieve your API token and make malicious API calls on your behalf.
Double-check that no untrusted peer or system has direct access to your API token or client ID/secret. Also, avoid logging API calls with your API token in plain sight in your backend or monitoring system. Make sure that the source code that uses your API token is private and cannot be accessed publicly. If you're using version control software (e.g Git, SVN, etc.), make sure that your repository is only accessible to trusted stakeholders.

2. Use environment variables

We recommend storing your API tokens and OAuth2 client ID/secret in environment variables instead of hardcoding them in variables.

3. Rotate your API tokens regularly

Finally, don't hesitate to regularly re-generate a new API token. If one of your systems was subject to a data leak or anyone got access to your API tokens, we strongly advise you to re-generate your API token(s).