Authentication
The Twenty2 API uses HTTP Basic Authentication. Every request must include an Authorization header with your Base64-encoded credentials.
Step 1: Get your API credentials
- Log in to your Twenty2 account at app.twentytwo.in
- Click the profile icon in the top-right corner
- Go to Integrations → Build with Twenty2 API
- Under API Keys, click Create new
- Give your key a name and click Create
- A Credentials modal will appear showing your API Key and API Secret
Step 2: Build your token
Combine your API Key and API Secret in the format below, then Base64-encode the result:
base64(api_key:api_key_secret)
Example — on the command line:
echo -n "your_api_key:your_api_key_secret" | base64
Step 3: Pass the header
Include the encoded token in the Authorization header of every request:
Authorization: Basic <base64(api_key:api_key_secret)>
Full example:
curl -X POST "https://api.twentytwo.in/api/agent/trigger-outbound-call" \
-H "Authorization: Basic N1VHdXFJamRyOTZTVjNpOlZSVFlsMUtW..." \
-H "Content-Type: application/json" \
-d '{ ... }'
Security best practices
Your API Secret should only ever be used server-side. Never include it in browser JavaScript, mobile apps, or any code that is visible to end users.
If you suspect an API key has been exposed, delete it immediately from Profile → Integrations → Build with Twenty2 API and create a new one.
Create a separate API key for each integration or environment (e.g. one for your CRM, one for your internal dashboard). If one key is compromised, you can delete just that key without affecting the others.
Authentication Errors
| HTTP Status | Code | Meaning |
|---|---|---|
| 401 | UNAUTHORIZED | API key is missing or invalid |
| 403 | FORBIDDEN | API key does not have access to this resource |
If you receive a 401, verify that your Authorization header is correctly formatted and that the Base64 encoding is applied to the full api_key:api_key_secret string.
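A sturdier way to build the Step 2 token, with a local check for the 401 case above, as an added example that is not Twenty2's own code. The function names and the TWENTY2_API_KEY / TWENTY2_API_SECRET variable names are assumptions, as is the rule that credentials contain no whitespace.

```shell
#!/usr/bin/env bash
# Added example (not Twenty2's own code). TWENTY2_API_KEY and TWENTY2_API_SECRET
# are assumed variable names; it also assumes credentials contain no whitespace.

# Print base64(api_key:api_key_secret) on a single line; explain failures on stderr.
twenty2_basic_token() {
  local key="${TWENTY2_API_KEY:-}" secret="${TWENTY2_API_SECRET:-}"
  if [ -z "$key" ] || [ -z "$secret" ]; then
    echo "set TWENTY2_API_KEY and TWENTY2_API_SECRET first" >&2; return 1
  fi
  # RFC 7617: the server splits at the first ':', so the key part cannot contain one.
  case "$key" in *:*) echo "API key contains ':'" >&2; return 1 ;; esac
  case "$key$secret" in
    *[[:space:]]*) echo "credentials contain whitespace (pasted newline?)" >&2; return 1 ;;
  esac
  # Reading from the environment keeps the secret out of shell history. printf encodes
  # no trailing newline in any POSIX shell (unlike `echo -n`), and tr removes the
  # line wrap GNU base64 inserts after 76 output characters.
  printf '%s:%s' "$key" "$secret" | base64 | tr -d '\n'
}

# Succeed only if a token decodes to "<key>:<secret>" and re-encodes to itself.
twenty2_check_token() {
  local decoded
  decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null) || return 1
  case "$decoded" in
    :* | *: | *[[:space:]]*) return 1 ;;   # empty key, empty secret, stray whitespace
    *:*) ;;
    *) return 1 ;;                          # no separator at all
  esac
  # $(...) strips a trailing newline, so a token built with plain `echo` (no -n)
  # fails this round trip even though it decodes to something plausible.
  [ "$(printf '%s' "$decoded" | base64 | tr -d '\n')" = "$1" ]
}
```

Run twenty2_check_token on the value you are sending when a request returns 401; a failure means the header itself is malformed rather than the key being revoked.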