REST API
Quickstart
Authentication
Website TokenPlugin Token
Rate-Limits
API Libraries
Reference
RTM API
Quickstart
Authentication
Reference
Web Hooks
Quickstart
Plugin Hooks
Website Hooks
Reference
Chatbox SDKs
Web Chat SDK
$crisp MethodsNPM PackageIdentity VerificationLanguage CustomizationCookie PoliciesSession Continuity
iOS Chat SDK
Android Chat SDK
React Native Chat SDK
Plugins
Quickstart
Submissions
Token Scopes
Examples
Settings
QuickstartExamples
Widgets
QuickstartGeneric WidgetiFrame WidgetWidget JS SDKData AccessExamplesReference
Marketplace
Hugo
MCP API
QuickstartServer ExamplesRequest Signing
MCP Server (Beta)
Workflow API
Messaging APIs
WhatsApp Business API
QuickstartConfiguration
Others
Whitelisting our Systems
Server User AgentsServer IP AddressesCrisp Domain Names
Security Practices
REST API | Authentication
Give Feedback

Website Token

Updated on April 1, 2026

Website Tokens are the fastest way to authenticate with the Crisp REST API for a single workspace.

Website tokens are generated directly from the Crisp app for a specific workspace, making them ideal for quick scripts and simple integrations. No Marketplace account required.

Generate Your Token Keypair

Website tokens can be generated in a few clicks:

  1. Open the Crisp Dashboard;
  2. Go to Settings > Workspace Settings > Advanced configuration;
  3. In the API Token section, click Generate Token;
  4. Copy your token credentials (they are only shown once);

Your token keypair is provided as an identifier and secret key, which you need to keep private at any time.

Use Your Token Keypair

Once you have your website token, you can use it to authenticate your HTTP requests to the API.

Authentication Headers

You can authenticate by adding an Authorization header to all your HTTP calls. The Authorization header is formatted as such: Authorization: Basic BASE64(token_id:token_key) (replace BASE64(token_id:token_key) with your Base64 string).

Also, include the X-Crisp-Tier header in your HTTP requests, with the value website. This lets the REST API know that the token you are using is a website token.

Put together, this gives the following headers that must be set on the request:

Authorization: Basic BASE64(token_id:token_key)
X-Crisp-Tier: website
💡 Tip: you may use a tool like an online Base64 Encoder to generate your Basic Auth string. Paste your token_id:token_key string to the ASCII Plain Text input and get your encoded string in the Base64 input.

Authentication Examples

Note that those are raw authentication examples, in most cases you would prefer using the API Libraries available for your programming language.

Command-line (cURL)

curl https://api.crisp.chat/v1/website/{website_id} \
  --get \
  --user "{token_id}:{token_key}" \
  --header "X-Crisp-Tier: website"

Replace {token_id}:{token_key} with your token keypair (keep the middle : separator). Also, replace {website_id} with your workspace identifier (found in Settings > Workspace Settings > Setup Instructions).

If your token keypair and website identifier are valid, then you should see the website details in the response.

Limitations

Website tokens have the following limitations compared to plugin tokens:

  • Single workspace access: A website token can only access the workspace it was generated for;
  • Daily request quota: Limited to 10,000 requests per day;
  • Owner-only management: Only workspace owners can generate, regenerate, or revoke tokens;

For multi-workspace access or configurable quotas, use plugin tokens instead.