Skip to main content

Authentication

The TimelinesAI API uses Bearer token authentication. Every request must include your API token in the Authorization header.

Getting your API token

1

Sign in to TimelinesAI

Go to app.timelines.ai
2

Open API settings

Navigate to IntegrationsPublic API
3

Copy your token

Your token is displayed on this page. Click Copy to copy it.

Using your token

Include the token in the Authorization header of every request: 
Authorization: Bearer YOUR_API_TOKEN

Example request

curl -X GET "https://app.timelines.ai/integrations/api/chats" \
  -H "Authorization: Bearer 4d2d0239-e28c-4f4a-8a4d-3a3ca40056b8"

Token security

Your API token provides full access to your workspace. Treat it like a password.

Best practices

Never hardcode tokens in your source code. Use environment variables:
export TIMELINESAI_API_TOKEN="your-token-here"

const token = process.env.TIMELINESAI_API_TOKEN;
Add your environment files to .gitignore:
.env
.env.local
.env.*.local
If you suspect your token has been exposed, generate a new one immediately from the API settings page.
Never expose your API token in client-side code (browsers, mobile apps). Always make API calls from your backend server.

Error responses

401 Unauthorized

If your token is missing or invalid: 
{
  "status": "error",
  "message": "Invalid or expired token"
}
Common causes:
  • Missing Authorization header
  • Token copied incorrectly (check for extra spaces)
  • Token has been regenerated

403 Forbidden

If your token is valid but lacks permission: 
{
  "status": "error",
  "message": "Access denied"
}
Common causes:
  • Attempting to access resources from another workspace
  • Feature not available on your plan

Token scope

Your API token has access to:
ResourceAccess
ChatsRead & Write
MessagesRead & Write
LabelsRead & Write
FilesRead & Write
WhatsApp AccountsRead only
WebhooksRead & Write
All operations are scoped to your workspace. You cannot access data from other TimelinesAI accounts.