Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.sahut.id/llms.txt

Use this file to discover all available pages before exploring further.

The Sahut API uses API key authentication. Every request must include your API key in the Authorization header. There are no other authentication methods for the REST API.

Generate an API key

  1. Log in to your Sahut workspace
  2. Go to Settings → Integrations → API Keys
  3. Click Buat API Key (Create API Key)
  4. Enter a label to identify this key (e.g., “CRM Integration” or “Chatbot”)
  5. Click Buat (Create)
  6. Copy the key immediately — Sahut only shows the full key once
Store your API key securely. Sahut cannot show you the key again after you close the creation dialog. If you lose it, revoke it and create a new one.

Pass the API key in requests

Include your API key in the Authorization header of every request using the Bearer scheme: 
curl https://api.sahut.id/v1/conversations \
  -H "Authorization: Bearer sk_live_YOUR_API_KEY_HERE"

const response = await fetch('https://api.sahut.id/v1/conversations', {
  headers: {
    'Authorization': 'Bearer sk_live_YOUR_API_KEY_HERE',
    'Content-Type': 'application/json'
  }
});
const data = await response.json();

Authentication errors

If your API key is missing or invalid, the API returns: 
{
  "error": {
    "code": "unauthorized",
    "message": "Invalid or missing API key",
    "status": 401
  }
}
Common causes:
  • Key not included — You forgot the Authorization header
  • Wrong format — Use Bearer YOUR_KEY, not just YOUR_KEY
  • Key revoked — The key was deleted; generate a new one
  • Wrong workspace — The key belongs to a different workspace

Revoking API keys

If an API key is compromised or no longer needed:
  1. Go to Settings → Integrations → API Keys
  2. Find the key by its label
  3. Click Cabut (Revoke)
Revoking a key is immediate. Any requests using that key will receive a 401 Unauthorized response.

Security best practices

  • Never expose API keys in client-side code — Your API key in front-end JavaScript is visible to anyone who views your page source
  • Use environment variables — Store keys in .env files or your platform’s secret manager
  • Create separate keys per integration — This way you can revoke one key without breaking others
  • Rotate keys periodically — Especially for keys used in production systems