
Overview

GoBlue uses a simple API key authentication system for webhook integrations and external services. Your API keys are automatically generated when your account is set up during onboarding and can be managed through the app.

API Key Management

Automatic Generation

When your GoBlue account is set up during onboarding, an API key is automatically generated for you. This key is used to:
  • Authenticate webhook requests to your forms
  • Access the GoBlue API for message retrieval
  • Validate permissions for automated actions

Finding Your API Key

1. Open Settings

   Navigate to the “Settings” tab in the GoBlue app.

2. View API Information

   Your API key is displayed in the “API Access” section. You can copy it to your clipboard by tapping the copy button.

Keep your API key secure and never share it publicly. Anyone with your API key can send messages on your behalf.

Authentication Methods

Webhook Authentication

For webhook endpoints, authentication is handled automatically through the form URL structure:
https://api.goblue.app/v1/forms/{form-id}/webhook
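The form-id in the URL serves as the authentication mechanism, ensuring only authorized submissions reach your forms. Since the form-id is what authenticates a submission, treat the full webhook URL like a credential.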

API Key Authentication

For direct API access, include your API key in requests.

URL Parameter Method:
GET https://api.goblue.app/v1/messages/{api-key}
Header Method:
curl -X GET https://api.goblue.app/v1/messages \
  -H "Authorization: Bearer {your-api-key}" \
  -H "Content-Type: application/json"

Security Best Practices

  • Never commit API keys to version control
  • Store them as environment variables in production
  • Rotate keys if you suspect they’ve been compromised
  • Use different keys for development and production if possible
  • Use HTTPS for all webhook endpoints
  • Validate incoming webhook data structure
  • Implement rate limiting to prevent abuse
  • Monitor webhook logs for suspicious activity
  • Keep your shortcuts private unless sharing is necessary
  • Regularly review which shortcuts have access to GoBlue
  • Remove unused shortcuts to minimize attack surface
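
An added example (not GoBlue's own code) that ties the header method to the environment-variable practice above: it loads the key from the environment, builds the `/v1/messages` request with the `Authorization: Bearer` header so the key stays out of the URL, and masks keys in log lines before they are stored. The variable name `GOBLUE_API_KEY`, the sample key and the sample log lines are assumptions constructed for illustration.

```python
import os
import re
import urllib.request

API_BASE = "https://api.goblue.app/v1"  # base URL from the page
KEY_ENV_VAR = "GOBLUE_API_KEY"          # assumed variable name, not defined by GoBlue

# Match the key in the URL form (/v1/messages/{api-key}) and in a Bearer header.
_SECRET_PATTERNS = [
    re.compile(r"(/v1/messages/)[^/\s?#]+"),
    re.compile(r"(Authorization:\s*Bearer\s+)\S+", re.IGNORECASE),
]


def load_api_key(env=os.environ):
    """Read the key from the environment so it never lives in source control."""
    key = env.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise RuntimeError(f"{KEY_ENV_VAR} is not set")
    return key


def build_messages_request(api_key):
    """Build the GET request with the header method; the URL stays key-free."""
    req = urllib.request.Request(f"{API_BASE}/messages", method="GET")
    req.add_header("Authorization", f"Bearer {api_key}")
    req.add_header("Content-Type", "application/json")
    return req


def redact(line):
    """Mask API keys in a log line before it is stored or shipped."""
    for pattern in _SECRET_PATTERNS:
        line = pattern.sub(r"\1[REDACTED]", line)
    return line


if __name__ == "__main__":
    # Constructed sample values, not real GoBlue keys or logs.
    sample_env = {KEY_ENV_VAR: "example-key-123"}
    req = build_messages_request(load_api_key(sample_env))
    print(req.full_url)  # the key does not appear in the URL
    print(redact("GET https://api.goblue.app/v1/messages/example-key-123 200"))
    print(redact("Authorization: Bearer example-key-123"))
```

Pass the returned request to `urllib.request.urlopen` to send it, and run `redact` over any request or webhook log line before writing it to disk.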

API Key Regeneration

If you need to regenerate your API key:
1. Contact Support

   Currently, API key regeneration requires contacting our support team at [email protected].

2. Provide Account Information

   Include your account email and reason for key regeneration in your support request.

3. Update Integrations

   Once your new key is generated, update all your webhook integrations and API calls to use the new key.

Troubleshooting Authentication

Common Issues

Possible Causes:
  • Form capturing is disabled
  • Incorrect webhook URL format
  • Invalid JSON payload structure
Solutions:
  • Verify “Enable capturing” is toggled on
  • Double-check the webhook URL includes the correct form ID
  • Validate your JSON payload matches expected field names

Possible Causes:
  • Expired or revoked API key
  • Incorrect key format in requests
  • Network connectivity issues
Solutions:
  • Verify the API key is correctly copied
  • Check your network connection
  • Contact support if issues persist

Possible Causes:
  • Shortcuts app permissions not granted
  • GoBlue app not properly logged in
  • iOS system restrictions
Solutions:
  • Reinstall the GoBlue shortcut
  • Verify you’re logged into the GoBlue app
  • Check iOS Settings > Shortcuts for permissions

Rate Limits

GoBlue implements rate limiting to ensure service stability:
  • Webhook Endpoints: 100 requests per minute per form
  • API Endpoints: 1000 requests per hour per API key
  • Message Sending: 50 messages per minute per account
Rate limits are subject to change based on account type and usage patterns. Contact support for higher limits if needed.
