Authentication
IBviz's API uses short-lived access tokens with a refresh-token flow, the same mechanism used to authenticate the web app. Tokens are issued for both anonymous and email-based accounts, so the API respects whichever sign-up method your organization uses.
Every request is authenticated with a Bearer token. Tokens expire regularly and are refreshed via a dedicated endpoint, so integrations are expected to handle token rotation rather than relying on a single long-lived key.
📌 Full endpoint documentation is shared with paying customers. Get in touch to discuss request access.