Create Ticket

Published on Aug 6, 2025

2 minute(s) read

Post

/auth/ticket

This API allows organizations to grant users access to the CommBox platform while bypassing standard authentication methods. The Ticket API returns a session cookie that is added to the login URL. You can limit the token’s lifespan when making the API call or by configuring it in the Privacy and Security module in the CommBox platform.

See important information about the body params in the schema below.

Agent Login Bypass
To bypass the login page without entering the agent’s credentials, append the session cookie returned by the API to the login URL:

Format: Login URL / ?ta= / authentication token (without the quotation marks)
Example: https://commbox.com/login?ta=9M3Wg_fALiPm2gUeX2FinOJz...

Customer Chat Access
To start the chat without manual identification, append the session cookie to the chat login page URL:

Format: apps.Brand URL / chat / the channel ID in the encrypted code / ?ta= / authentication token (without the quotation marks)
Example: https://apps.commbox.com/chat/nex9tHPKdBkD_fAfbuUPABg%3d%3d?ta=9M3Wg_fALiPm2gUeX...

OverrideUserInfo – Optional param for editing the Customer Information record at login.
OneTimeUse – Optional param that limits the token to one usage.

Learn more: https://help.commbox.io/docs/ticket-authentication

Security

HTTP

Type bearer

API key is needed to authorize requests. You can get your API key via the management console.
A Bearer Token is needed to be set in the Authorization header of every API call.
For additional support you can contact us.

Body parameters

Optional description for new mail object in Markdown

Expand All

object

data

object

brand

string

Examplecommbox

username

string

Applicable only for agent authentication; found in the agent’s record

Examplejohn.d

string

For agent authentication this is a strong identifier that has to match email on record

Examplejohn.d@gmail.com

uniqueId

string

Example123456

firstName

string

ExampleJohn

lastName

string

ExampleDoe

phone1

string

Phone must include country code. For agent authentication this is a strong identifier that has to match phone on record

Example442501234567

overrideUserInfo

boolean

(Optional) Applicable for Customer Chat Access. When true, The Customer Information record is updated with data included in the API call.

Exampletrue

oneTimeUse

boolean

(Optional) When true, the API generates a single-use ticket.

Exampletrue

Responses

200

Expand All

object

status

string

Example200

description

string

ExampleOperation successful

response_time

string

Example2025-01-19T14:18:47.63079Z

data

object

encpryptedString

string

ExamplehZ8uTCLgf1HnOwVy_bIEWVJD0VXnIcbMKTT9R6_bW0prs_fYgzbzQCRMpdPZw1FopLHoGJG0VUDFk3zYEfkG_fEf9hnk50lR72BZHp7X_f94jZQbJNP4ysWmRJ3Lq9Q245j3D

400

Bad Request - The request could not be understood by the server. Incoming parameters might not be valid

401

Unauthorized - The supplied credentials, if any, are not sufficient to access the resource

404

Not found - The requested resource is not found

429

Too Many Requests - Too many requests have been made in a short period of time (Throttling)

500

Server Error - The server could not return the representation due to an internal server error

501

Not Implemented - The requested operation is not supported

Was this article helpful?