REST API
Quickstart
Authentication
Website TokenPlugin Token
Rate-Limits
API Libraries
Reference
RTM API
Quickstart
Authentication
Reference
Web Hooks
Quickstart
Plugin Hooks
Website Hooks
Reference
Chatbox SDKs
Web Chat SDK
$crisp MethodsNPM PackageIdentity VerificationLanguage CustomizationCookie PoliciesSession Continuity
iOS Chat SDK
Android Chat SDK
React Native Chat SDK
Plugins
Quickstart
Submissions
Token Scopes
Examples
Settings
QuickstartExamples
Widgets
QuickstartGeneric WidgetiFrame WidgetWidget JS SDKData AccessExamplesReference
Marketplace
Hugo
MCP API
QuickstartServer ExamplesRequest Signing
MCP Server (Beta)
Workflow API
Messaging APIs
WhatsApp Business API
QuickstartConfiguration
Others
Whitelisting our Systems
Server User AgentsServer IP AddressesCrisp Domain Names
Security Practices
REST API
Give Feedback

Authentication

Updated on April 1, 2026

Most API resources are protected, and therefore require that you authenticate using your tokens.

To start with the REST API, you first need to generate a token keypair, that allows you to authenticate against the API for all further requests. This token is permanent, and is to be re-used for each request you make to the REST API.

Choose Your Authentication Method

Crisp offers two authentication methods for the REST API:

Method Best For Setup Time Quotas
Website Token Quick scripts, single workspace integrations Minutes 10,000 req/day
Plugin Token Production integrations, multi-workspace access Minutes (some scopes require approval) 5,000 req/day (configurable)

Website Token

Website tokens are generated directly from the Crisp app, making them ideal for quick scripts and simple integrations:

  • No extra account required: Generate tokens directly from your Crisp workspace;
  • Instant setup: Get started in minutes, no approval needed;
  • Simple management: Regenerate or revoke tokens from your workspace settings;
💡 Recommended if you only need to access a single workspace.

Get started with Website Tokens.

Plugin Token

Plugin tokens are generated via the Crisp Marketplace, providing advanced features for production integrations:

  • Multi-workspace access: Use a single token across multiple websites;
  • Configurable quotas: Request higher rate-limits as your integration grows;
  • Token scopes: Fine-grained scopes and permissions for each token;
💡 Recommended if you need multi-workspace access or are building a public plugin.

Get started with Plugin Tokens.

Security Considerations

Your token keypair must be kept private in any situation. This token lets you access the data of websites that installed your plugin, or the workspace you generated it for.

If you suspect any leak of your token, eg. you commited it on GitHub by mistake, then roll it immediately:

  • Website Tokens: Regenerate from the Crisp app Settings > Workspace Settings > Advanced configuration;
  • Plugin Tokens: Roll from your Marketplace dashboard in a few clicks;

In both cases, the previous token will be immediately revoked and made invalid.

Any leak of this token could result in the data of subscribed websites being dumped (within the limits of what your token scopes permit). Do take this seriously! Crisp declines any responsibility for website data leaks caused by the mismanagement of tokens.