API Authentication

API requests are authenticated using Bearer tokens issued through the Colleckt dashboard.

Obtaining an API Token

Via the Dashboard

  1. Log in to your workspace dashboard
  2. Navigate to Settings → API Tokens
  3. Click New API Token
  4. Enter a descriptive name (e.g., "Production Integration")
  5. The token is displayed once — copy and store it securely

Token Properties

| Property | Default |
| --- | --- |
| Expiration | 180 days from creation |
| Scope | Full access to all API endpoints for the workspace |
| Storage | Hashed in the database (plaintext shown only at creation) |

Authenticating Requests

Include the token in the Authorization header:

```text
Authorization: Bearer 1|abc123def456ghi789jkl012mno345pqr678stu901vwx234yz
```

All API endpoints that require authentication will return a 401 Unauthorized response if the token is missing or invalid.

Token Lifecycle

Creation

Tokens are created with an expiration date.

Usage

Tokens work across all flows within your workspace. A single token can be used for all API endpoints.

Expiration

When a token expires:

  • All requests using it will receive a 401 Unauthorized response
  • The token remains visible in the dashboard until deleted
  • A new token must be created to replace the expired one

Revocation

Tokens can be revoked (deleted) at any time:

  • Revoked tokens are immediately invalidated
  • Any application using the token will receive 401 errors on subsequent requests
  • Revoked tokens are removed from the dashboard

Security Best Practices

  • Never expose tokens in client-side code (browser JavaScript, mobile apps)
  • Store tokens in environment variables or a secrets manager
  • Use different tokens for production and sandbox environments
  • Rotate tokens periodically — create a new token and update your application
  • Delete unused tokens to reduce the risk of exposure
  • Monitor token usage — check activity logs for unexpected API calls
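
The following Python sketch is an added example, not Colleckt's own code: it reads the token from an environment variable, sends it in the Authorization header, and tracks the 180-day expiry locally, since missing, invalid and expired tokens all return the same 401 body. The variable name `COLLECKT_API_TOKEN`, the 14-day rotation lead time and the URL passed to `call` are assumptions.

```python
import os
import urllib.error
import urllib.request
from datetime import date, timedelta

TOKEN_LIFETIME = timedelta(days=180)  # default expiration stated on this page
ROTATE_BEFORE = timedelta(days=14)    # assumption: rotation lead time, pick your own


def load_token(env=os.environ, var="COLLECKT_API_TOKEN"):  # variable name is hypothetical
    """Read the token from the environment; never hard-code it."""
    token = env.get(var, "").strip()
    if not token:
        raise RuntimeError(f"{var} is not set")
    return token


def redact(token):
    """Log-safe form: keep the part before '|' (as in the page's sample), mask the rest."""
    head, sep, _ = token.partition("|")
    return f"{head}|***" if sep else "***"


def rotation_status(created, today):
    """Return (days_left, must_rotate) for a token created on `created`."""
    days_left = (created + TOKEN_LIFETIME - today).days
    return days_left, days_left <= ROTATE_BEFORE.days


def build_request(url, token):
    """Attach the Bearer token in the Authorization header."""
    return urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/json",
    })


def call(url, token, created, today):
    """Send the request; on 401, use local expiry tracking to suggest the likely cause."""
    try:
        with urllib.request.urlopen(build_request(url, token), timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        if err.code != 401:
            raise
        days_left, _ = rotation_status(created, today)
        cause = "expired" if days_left <= 0 else "invalid or revoked"
        raise PermissionError(f"401 for token {redact(token)}: likely {cause}") from err
```

Record the creation date when you copy the token from the dashboard; the API response alone does not tell you whether a 401 came from expiry or revocation.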

Error Responses

Missing Token

```json
{
  "message": "Unauthenticated."
}
```

Status: 401 Unauthorized

Invalid Token

```json
{
  "message": "Unauthenticated."
}
```

Status: 401 Unauthorized

Expired Token

```json
{
  "message": "Unauthenticated."
}
```

Status: 401 Unauthorized
