Authentication

All API requests require authentication using an API key. You can generate API keys from your CubeConnect dashboard under Settings > API Keys.

Authentication Methods

Bearer Token (Recommended)

Include your API key in the Authorization header:

http

Authorization: Bearer YOUR_API_KEY

X-API-KEY Header

Alternatively, use the X-API-KEY header:

http

X-API-KEY: YOUR_API_KEY

Multi-Tenant Support

If your API key is associated with multiple tenants, specify the tenant using the X-TENANT-ID header:

http

X-TENANT-ID: 123

If omitted, the first available tenant will be used.

Base URL

https://cubeconnect.io/api/v1

Example Request

cURLPHPJavaScript

bash

curl -X POST https://cubeconnect.io/api/v1/messages/send \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "phone": "+966501234567",
    "message_type": "text",
    "data": {
      "body": "Hello from CubeConnect!"
    }
  }'

php

$response = Http::withToken('YOUR_API_KEY')
    ->post('https://cubeconnect.io/api/v1/messages/send', [
        'phone' => '+966501234567',
        'message_type' => 'text',
        'data' => [
            'body' => 'Hello from CubeConnect!',
        ],
    ]);

javascript

const response = await fetch('https://cubeconnect.io/api/v1/messages/send', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    phone: '+966501234567',
    message_type: 'text',
    data: {
      body: 'Hello from CubeConnect!',
    },
  }),
})

Error Responses

Status	Error Code	Description
`401`	`AUTHENTICATION_REQUIRED`	Missing API key
`401`	`INVALID_API_KEY`	Invalid API key
`403`	`API_KEY_NO_TENANT`	API key is not linked to any tenant
`403`	`TENANT_NOT_FOUND`	Specified tenant not found for this API key

json

// 401 - Invalid API key
{
  "success": false,
  "error": {
    "code": "INVALID_API_KEY",
    "message": "Invalid API key."
  }
}

// 403 - Tenant not found
{
  "success": false,
  "error": {
    "code": "TENANT_NOT_FOUND",
    "message": "Tenant not found for this API key."
  }
}

Security Best Practices

Never expose your API key in client-side code, public repositories, or logs
Rotate keys regularly from the dashboard
Use environment variables to store your API key
Restrict access by generating separate keys for different environments (development, staging, production)

Authentication ​

Authentication Methods ​

Bearer Token (Recommended) ​

X-API-KEY Header ​

Multi-Tenant Support ​

Base URL ​

Example Request ​

Error Responses ​

Security Best Practices ​

Authentication

Authentication Methods

Bearer Token (Recommended)

X-API-KEY Header

Multi-Tenant Support

Base URL

Example Request

Error Responses

Security Best Practices