The RASL API uses token-based authentication to securely identify and
authorize API requests.

All API requests must include a valid API token in the Authorization
header using the Bearer authentication scheme.

Authentication Method

RASL APIs use Bearer Token Authentication.
Each request must include the following HTTP header:

Alternatively, you can use the X-API-Key header:

Requests without a valid token will be rejected with a 401 UNAUTHORIZED

Rate Limiting

API requests are rate-limited per token to ensure platform stability and prevent abuse.
You can monitor your usage through the following response headers:

X-RateLimit-Limit: Total requests allowed

X-RateLimit-Remaining: Remaining requests

X-RateLimit-Reset: Unix timestamp when limit resets

Exceeding the limit will result in a 429 RATE_LIMIT_EXCEEDED

Getting Your V2 API Token

To generate an API token for RASL API V2, you must log in to your account and create a scoped token through the API Management panel.

Step 1: Log in to RASL

Step 2: Navigate to API Management

After logging in, go to: System Settings → API Management

This section allows you to manage API access and tokens for your tenant.

Step 3: Open V2 Token Management

Inside API Management, click: Manage V2 API Tokens

This section is dedicated to creating and managing scoped tokens for the RASL API v2.

Step 4: Create a New Token

Click Create Token.

You will be prompted to configure the token settings:

Token Name

Provide a descriptive name (e.g., Backend Server, Mobile App , CRM Integration).

Scopes

Select the required scopes based on your use case.

Examples:

messages:send

messages:read

templates:read

account:read

templates:sync

Grant only the minimum scopes necessary for security best practices.

Rate Limit

Set the requests-per-minute (RPM) limit for this token.
The limit cannot exceed your subscription plan allowance.

Expiration (Optional)

You may configure an expiration date for enhanced security.

Step 5: Save and Secure the Token

After creation:

Copy the token immediately

Store it securely in a password manager or environment variable

Never expose it in frontend or client-side applications

Do not share it publicly

For security reasons, the token may not be displayed again after creation.

Security Recommendation

Each integration (backend server, automation worker, third-party system) should use a separate token with limited scopes and controlled rate limits.

This improves security, isolation, and operational control.

Authentication

Authentication Method#

Rate Limiting#

Getting Your V2 API Token#

Step 1: Log in to RASL#

Step 2: Navigate to API Management#

Step 3: Open V2 Token Management#

Step 4: Create a New Token#

Token Name#

Scopes#

Rate Limit#

Expiration (Optional)#

Step 5: Save and Secure the Token#

Security Recommendation#