Authenticating requests

All API requests require authentication using an API key. Include your API key in the Authorization header:

Authorization: Api-Key YOUR_API_KEY

Generating API Keys

Generate API keys in your Allo account settings.

Each API key has specific scopes that determine what operations it can perform:

Scope	Description
`WEBHOOKS_READ_WRITE`	Create, read, and update webhook configurations
`CONVERSATIONS_READ`	Read call records and history
`CONTACTS_READ`	Read contact information
`SMS_SEND`	Send SMS and MMS messages

curl -X GET "https://api.withallo.com/v1/api/contacts" \
  -H "Authorization: Api-Key YOUR_API_KEY"

If your API key is invalid or missing, you’ll receive a 401 Unauthorized response:

{
  "code": "API_KEY_INVALID",
  "details": null
}

If your API key lacks the required scope for an endpoint, you’ll receive a 403 Forbidden response:

{
  "code": "API_KEY_INSUFFICIENT_SCOPE",
  "details": [
    { "message": "required=CONTACTS_READ", "field": "scope" }
  ]
}