Access Tokens (API Keys)


Please remember that the API key authentication method can be used only for private apps. If you plan to build a public app you have to use OAuth2.

Each access token (or API key) is tied to a specific user and has the same permissions as the user that holds them. Requests made with an access token will act on behalf of a user and will have access to the resources their permissions allow. As an admin, you can easily generate and revoke your access token in the settings of your account.

Example: If you use an Access Token for a user with an Observer Agent role, then you can only do the things that an Observer agent can. Learn more about roles here.

How do I get my API key?

  1. Log in to your Gorgias account
  2. Navigate to Settings β†’ REST API
  3. Click the Create API key button

Once you have your credentials, you can start performing requests directly from the API documentation .

Request example

curl --request GET \
  --url \
  --header 'Authorization: Basic base64encode(USERNAME:API_KEY)'


Since we're using HTTP Basic Authentication, the USERNAME:API_KEY pair has to be a base64 encoded string. Note the : between the USERNAME and API_KEY is a separator used to differentiate between the username and the password.