Skip to content
Aivapad AivaPad Docs

Authentication

Bearer token authentication

Section titled “Bearer token authentication”

Every request to https://api.web.aivapad.io/api/external/v1/* must include a valid API token in the Authorization header.

Generate an API token

Section titled “Generate an API token”
  1. Sign in to your AivaPad account.
  2. Go to Settings > API & Integrations.
  3. Create a new token.
  4. Select permissions based on your business use case:
    • leads:read for listing leads
    • leads:write for create/update/delete lead operations
    • customers:read for listing and fetching customers
    • customers:write for create/update/delete customer operations
    • appointments:read for listing and fetching appointments (including conflict checks)
    • appointments:write for create/update/delete appointment operations
  5. Copy and store your token securely. Tokens start with aiva_ and are shown only once.

Send authenticated requests

Section titled “Send authenticated requests”

Use this header format:

Authorization: Bearer aiva_YOUR_TOKEN_HERE

Example:

Terminal window
curl -X GET https://api.web.aivapad.io/api/external/v1/leads \
  -H "Authorization: Bearer aiva_YOUR_TOKEN_HERE"

Common auth errors

Section titled “Common auth errors”
  • 403 Forbidden: token is missing, invalid, expired, or missing required permission.
  • 403 Forbidden (Tenant not identified): token could not be matched to an active tenant context.

Security best practices

Section titled “Security best practices”
  • Keep tokens in secure integration environments only.
  • Never expose API tokens in public frontend code.
  • Rotate and revoke tokens regularly based on your security policy.