POST /ai_agent/get_access_token
Get Access Token
curl --request POST \
  --url https://vevdoh3hve.execute-api.us-east-1.amazonaws.com/prod/ai_agent/get_access_token \
  --header 'Content-Type: application/json' \
  --data @- <<EOF
{
  "user_id": "user123 // client's customer id",
  "chatbot_id": "8a1e3f18-991b-4a2e-9973-f53e7fc94ff1",
  "client_api_key": "ak-xxxxxxxxxxx"
}
EOF

{
  "data": {
    "access_token": "<string>",
    "refresh_token": "<string>",
    "access_token_expires_at": 1753453415000,
    "refresh_token_expires_at": 1754057315000
  }
}

Securely generate a short-lived access_token and a long-lived refresh_token for authorized iframe access.
⚠️ Important: This endpoint must be called from your server, not from the client side. The client_api_key is sensitive and should never be exposed on the client side.
Once you obtain the tokens, pass the access_token to the client side, where the iframe will be embedded.

Embed URL for Iframe

Use the following format to embed the iframe securely:
https://app.chatzy.ai/chatbot-iframe/{chatbot_id}?user_id=<USER_ID>&access_token=<ACCESS_TOKEN>
Chatzy AI validates the token from the query parameters on every API call made within the iframe, ensuring the user is authorized to access the AI Agent.
⚠️ Important
  • Store tokens securely: the refresh token is used to retrieve a new access token when the old one expires.
  • Refresh token logic is explained in the next API endpoint: /ai-agent/refresh_token.
  • Never expose the client_api_key on the frontend.
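
A server-side sketch of the flow described above, added here as an example and not Chatzy's own code. The function names, the `CHATZY_CLIENT_API_KEY` environment variable and the choice to keep the refresh token on the server are assumptions of this example; the endpoint, request fields and embed URL format come from this page.

```python
import json
import os
import urllib.request
from urllib.parse import quote, urlencode

# Endpoint and embed URL format as given on this page.
TOKEN_URL = ("https://vevdoh3hve.execute-api.us-east-1.amazonaws.com"
             "/prod/ai_agent/get_access_token")
EMBED_BASE = "https://app.chatzy.ai/chatbot-iframe/"
REQUIRED = {"access_token", "refresh_token",
            "access_token_expires_at", "refresh_token_expires_at"}


def http_post_json(url, body):
    """Default transport: POST JSON with the standard library."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def fetch_tokens(user_id, chatbot_id, api_key=None, post=http_post_json):
    """Runs on the server only; the key is read from the environment."""
    # CHATZY_CLIENT_API_KEY is an assumed variable name, not a Chatzy convention.
    api_key = api_key or os.environ["CHATZY_CLIENT_API_KEY"]
    reply = post(TOKEN_URL, {"user_id": user_id, "chatbot_id": chatbot_id,
                             "client_api_key": api_key})
    data = reply.get("data") or {}
    missing = REQUIRED - set(data)
    if missing:
        raise ValueError(f"token response missing: {sorted(missing)}")
    return data


def client_payload(user_id, chatbot_id, tokens):
    """Build what the browser receives: the iframe URL and its expiry.

    Assumption of this example: the refresh token stays server-side with
    the API key, and only the short-lived access token reaches the page.
    """
    query = urlencode({"user_id": user_id,
                       "access_token": tokens["access_token"]})
    return {
        "iframe_src": f"{EMBED_BASE}{quote(chatbot_id, safe='')}?{query}",
        "access_token_expires_at": tokens["access_token_expires_at"],
    }
```

Because the access token travels in the iframe URL, it can end up in browser history and access logs, so its short lifetime is what limits that exposure.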

Body

application/json

user_id  string  required
Example: "user123 // client's customer id"

chatbot_id  string<uuid>  required
Example: "8a1e3f18-991b-4a2e-9973-f53e7fc94ff1"

client_api_key  string  required
AI Agent Auth Key. Can be retrieved from https://app.chatzy.ai/profile
Example: "ak-xxxxxxxxxxx"

Response

200 - application/json
Access and refresh token response

data  object