Rocket.Chat provides several authentication methods for secure API communication, ranging from basic username-and-password authentication to OAuth integrations with providers such as Google, Facebook, and Twitter.
To access protected endpoints in the Rocket.Chat API, you must include both your user ID and a valid authentication token as headers. Send the authentication token as X-Auth-Token and the user ID as X-User-Id in your request headers.
Authentication tokens
Authentication tokens uniquely identify a user’s active session within a Rocket.Chat workspace. They validate identity and permissions, providing secure access to API features and resources.
When calling any endpoint that requires authentication, include your token in the X-Auth-Token header.
Rocket.Chat supports two main types of authentication tokens: authToken and personal access token.
authToken: An authToken is a temporary authentication token returned to a user after a successful login through any login endpoint. Workspace administrators can also generate an authToken for a user using the Create User Token endpoint.
personal access token: Personal access tokens are permanent tokens that users can generate for themselves to access the API securely without exposing their primary credentials. Refer to the Manage Personal Access Tokens guide for creating tokens through the UI, or see Get Personal Access Tokens to create one via an API endpoint.
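The following Python sketch is an added example, not Rocket.Chat's own code: it takes the user ID and authToken from a login response, builds the two required headers, masks the token for logging, and refuses to attach it to a non-HTTPS URL. The login response layout, the host chat.example.com, the path /api/v1/me and all sample values are assumptions constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Constructed sample of a login response body; the status/data/userId/authToken
# layout is an assumption, not shown on this page.
SAMPLE_LOGIN_BODY = json.dumps({
    "status": "success",
    "data": {"userId": "uid-constructed-123", "authToken": "tok-constructed-abcdef"},
})


def credentials_from_login(body):
    """Return (user_id, auth_token) from a login response body."""
    doc = json.loads(body)
    if doc.get("status") != "success":
        raise ValueError("login did not succeed")
    data = doc.get("data") or {}
    user_id, token = data.get("userId"), data.get("authToken")
    if not user_id or not token:
        raise ValueError("response lacks userId or authToken")
    return user_id, token


def auth_headers(user_id, token):
    """Both headers are required on every protected endpoint."""
    return {"X-Auth-Token": token, "X-User-Id": user_id}


def redact(headers):
    """Copy of headers that is safe to log: the token value is masked."""
    return {k: ("***" if k.lower() == "x-auth-token" else v)
            for k, v in headers.items()}


def build_request(base_url, path, headers):
    """Build (without sending) a request; refuse cleartext transport."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to attach a token to a non-HTTPS URL")
    return urllib.request.Request(base_url.rstrip("/") + path, headers=headers)


if __name__ == "__main__":
    uid, tok = credentials_from_login(SAMPLE_LOGIN_BODY)
    hdrs = auth_headers(uid, tok)
    # chat.example.com and /api/v1/me are placeholders for a workspace URL
    # and a protected endpoint.
    req = build_request("https://chat.example.com", "/api/v1/me", hdrs)
    print(req.full_url, redact(hdrs))
```

The same auth_headers call works with a personal access token in place of the authToken; because that token is permanent, load it from a secret store or environment variable rather than from source code.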