Skip to main content

Overview

The Attention API uses API keys for authentication. All API requests must include a valid API key in the request headers to access protected endpoints.

How to Obtain Your API Key

1

Log in to Attention

Navigate to https://app.attention.tech and sign in with your account using Google, Single sign-on (SSO), or your email and password.
2

Open Settings

Once signed in, click your profile avatar in the top-left corner and select Settings from the dropdown menu.
3

Navigate to API Keys

In the sidebar, under the Organization section, select API Keys.
You must have Admin role permissions to access and manage organization-level API keys.
4

Create a New API Key

Click + Create API Key in the top-right corner.You’ll be prompted to:
  • Name your API key – Give it a descriptive name (e.g., “Production Integration” or “Development Testing”)
5

Copy and Store Your API Key

After creation, a modal titled API Key Created will appear showing your key once.
Important: This is the only time you’ll be able to view your API key. Copy it now and store it securely.
Store your API key securely:
  • Use environment variables in your application
  • Use a secrets manager (e.g., AWS Secrets Manager, HashiCorp Vault)
  • Never commit keys to version control

Using Your API Key

Include your API key in the Authorization header of all API requests: 
curl https://api.attention.tech/v2/conversations \
-H "Authorization: Bearer YOUR_API_KEY"

Managing Your API Keys

Rotating API Keys

For security best practices, it’s recommended to rotate your API keys periodically:
  1. Generate a new API key following the steps above
  2. Update your applications to use the new key
  3. Test that all integrations work with the new key
  4. Delete the old API key from the API Keys page

Revoking API Keys

If an API key is compromised or no longer needed:
  1. Go to SettingsAPI Keys
  2. Find the key you want to revoke
  3. Click the menu next to the key
  4. Select Delete
Revoking an API key immediately invalidates it. Any applications using that key will no longer be able to authenticate.

Troubleshooting

401 Unauthorized Error

If you receive a 401 Unauthorized error:
  • Verify your API key is correctly included in the Authorization header
  • Ensure you’re using Bearer before the API key
  • Check that your API key hasn’t been revoked or expired
  • Confirm your account has the necessary permissions for the endpoint

Rate Limits

API requests are subject to rate limiting. If you exceed the rate limit, you’ll receive a 429 Too Many Requests response.
Contact your Attention account manager to discuss rate limit increases for your organization.

Security Best Practices

Never hardcode API keys in your source code. Always use environment variables or secure secret management systems.
# .env file (never commit this)
ATTENTION_API_KEY=your_api_key_here
Create separate API keys for development, staging, and production environments to isolate access and make key rotation easier.
Regularly audit which API keys are being used and delete any that are no longer needed.

Next Steps

API Reference

Explore all available API endpoints and their usage

Workspace Setup

Learn how to manage user roles and permissions
Need help with API authentication? Contact support@attention.com or reach out to your Attention account manager.
I