Guides
Start typing to search…

Admin API Access

RCS Studio provides an Admin API for integration partners to manage brands, agents, assets, and messaging configurations programmatically. This is distinct from connector APIs and the in-app builder — it is for programmatic account and resource management.

Looking for the full endpoint reference? Jump to the API Reference.

Getting Your Credentials

  1. Log in to RCS Studio.
  2. Navigate to the Developer page at app.rcsstudio.ai/developer.
  3. Create a new set of API credentials to receive a Client ID and Client Secret.
  4. Store these values securely — the client secret is only shown once.
⚠️

Important: If you lose your client secret, you will need to generate a new set of credentials.

Authentication

All Admin API endpoints require a Bearer token obtained through the OAuth 2.0 client credentials flow.

Obtaining an Access Token

Exchange your credentials for an access token by making a POST request to the token endpoint:

POST /oauth2/token HTTP/1.1
Host: auth.rcsstudio.ai
Content-Type: application/x-www-form-urlencoded
Authorization: Basic <base64(client_id:client_secret)>

grant_type=client_credentials

The Authorization header value is your Client ID and Client Secret joined by a colon (:), then Base64-encoded.

Response

{
    "access_token": "eyJhbGciOi...",
    "token_type": "Bearer",
    "expires_in": 3600
}
FieldTypeDescription
access_tokenstringA signed JWT used to authenticate API requests.
token_typestringAlways Bearer.
expires_innumberToken lifetime in seconds (3600 = 1 hour).

Making API Requests

Every API request must include the Authorization header with your Bearer token.

Example

curl https://api.rcsstudio.ai/agents \
  -H "Authorization: Bearer $ACCESS_TOKEN"

Token Lifecycle

  • Access tokens are signed JWTs valid for 1 hour (3600 seconds).
  • Your application should cache the token and reuse it for multiple requests.
  • A 401 Unauthorized response means your token has expired. Obtain a new one and retry.

Refreshing a Token

There is no refresh token. To get a new access token, repeat the same client credentials exchange:

curl -X POST https://auth.rcsstudio.ai/oauth2/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -u "$CLIENT_ID:$CLIENT_SECRET" \
  -d "grant_type=client_credentials"

Your application should request a new token before the current one expires. Use the expires_in value from the token response to schedule when to refresh, rather than waiting for a 401 response.

Best Practices

  • Cache the token — Store it in memory or a short-lived cache. Avoid requesting a new token for every API call.
  • Refresh proactively — Use the expires_in value from the token response to schedule a refresh before expiry, instead of reacting to 401 errors.
  • Keep credentials secure — Store Client ID and Client Secret in environment variables or a secrets manager. Never commit them to source control or log them.
  • Use server-side only — The client secret must never be exposed in client-side code (browsers, mobile apps). Admin API credentials are for server-to-server integrations.

Updated 11 days ago

What’s Next