Bold360 and BoldChat Developer Center

Getting Started with the Bold360 API

First step for all examples

Define the auth and authHash parameters.

Important: Replace the following variables with your corresponding Account ID, API Setting ID, and API Key.
  • $accountId: Your Bold360 Account ID
  • $apiSettingId: The API Setting ID generated when setup creates the private API Key
  • $apiKey: The auto-generated key of the API setting

The value of date must be the number of milliseconds since 1970-01-01 00:00:00 UTC (Unix epoch time).

accountId=[your account id]
apiSettingId=[your API setting id]
apiKey=[your API key]

auth="$accountId:$apiSettingId:$( date +"%s" )000"
authHash="$auth:$( echo -n "$auth$apiKey" | openssl dgst -sha512 | sed 's/^.* //')"
Remember: The authentication token is valid for 5 minutes.

Sample code for authentication

Download the code samples to learn more about integration. These samples demonstrate a working integration with a fake ticketing system and provide information about authenticating API requests coming from Bold360 and show how to make authenticated requests from your servers to the Bold360 API.

Code Sample: .NET

Code Sample: Java

How is an API request built up?

The following is a sample of a JSON-based REST call can be invoked via the following general URL:, where [AccountID] is your numeric account ID:

https://[API Endpoint]/aid/[AccountID]/data/rest/json/[version]/[method]?auth=[auth]
[API Endpoint]
Accounts in different data regions have different API endpoints. For US data region, the endpoint is, for the EMEA region, the endpoint is
Your numeric account ID.
The value of [version] can be either v1 or v2.

Current API documentation covers version 1. Unless otherwise noted, version 2 acts according to version 1 specifications.

The name of the API method that you want to call.
Your hashed authentication token.

Restrictions and limitations of API requests

Only ports 80 and 443 are allowed to trigger requests. Calls to other ports are ignored. The Bold360 API also implements the following total request limits:

Type Maximum number of requests per second
Request rate limit 100
Record rate limit 2000

Limits are enforced against the aggregate of all API calls made within a second. The window of time to calculate the event rate is 1 second wide.

If rates are exceeded, the caller must wait until the end of the current 1-second window. If the caller tries to circumvent the limit by making 10 or more concurrent requests that trigger the wait, the server responds with a status of 500 (Too many simultaneous requests).


The caller opens 10 threads that make requests in parallel at a rate of 20 per second each thread (200 per second total). After about half a second, 9 threads are going to be made to wait, and the 10th thread will get an error response. The other threads will wait enough that they will not trigger an error immediately, but they will quickly reach the limit again once they resume.

What do you get in an API response?

All methods return a JSON object with a structure depending on the method.

Parameter Type Required Description
callback string no The returned result can be encapsulated in a method call with the given name for use in script tags.

All responses return a Status and Message string, where applicable.

Parameter Type Description
Status string



Message string If an error occurred, returns the error details.
Important: We do not guarantee that the order of returned fields will be static. When designing your solution, it is best not to rely on the position of values.
Tip: Test the output of each method on our interactive page or in Postman.