# Authentication

> How to obtain an API key and authenticate requests to the Everflow API.

All requests to the Everflow API must be made over HTTPS and authenticated with an API key. This page covers how to obtain the right key for your user type and how to include it on each request.

## Making requests

The base URL for all API requests is:

```
https://api.eflow.team/v1
```

<Note>
  A small subset of Everflow accounts are hosted on EU servers only. For those accounts the base URL is `https://api-eu.eflow.team/v1`. If you're unsure whether this applies to your account, check with your account manager.
</Note>

Include your API key in the `X-Eflow-API-Key` header on every request. The `Accept` header is optional but can be set to `application/json`. When submitting data via `POST`, `PUT`, or `PATCH`, send the payload as JSON.

```bash
curl -H "X-Eflow-API-Key: <your-api-key>" \
  https://api.eflow.team/v1/networks
```

Requests made without authentication will fail with a `401 No Authentication Method Found` error. Using an API key for the wrong portal (e.g. an Affiliate key to access a Network endpoint) returns a `403 Out of realm` error.

## API keys

Each portal has its own API key type. The URL path prefix determines which portal you're accessing:

| Portal          | Base path             | Who creates the key                         | Setup walkthrough                                                                                                                     |
| --------------- | --------------------- | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
| **Network**     | `/v1/networks/...`    | A network admin or employee                 | [Security Settings → API Keys](https://helpdesk.everflow.io/customer/how-to-best-utilize-security-settings#security-management-tools) |
| **Affiliate**   | `/v1/affiliates/...`  | A network admin, on the partner's behalf    | [Partner API Keys](https://helpdesk.everflow.io/customer/partner-api-keys-api-documents)                                              |
| **Advertiser**  | `/v1/advertisers/...` | A network admin, on the advertiser's behalf | Ask your account manager — no self-serve option                                                                                       |
| **Marketplace** | `/v1/partners/...`    | The marketplace partner                     | [Managing your Marketplace API Keys](https://helpdesk.everflow.io/collaborator/managing-your-marketplace-api-keys)                    |

<Note>
  **Affiliate and advertiser users cannot create API keys themselves** — a network admin must do it on their behalf. Reach out to your account manager if you need one.
</Note>

<Note>
  **"Partner" vs. "Affiliate":** the Everflow platform UI uses **Partner** as the user-facing label for what the API URL path calls `/affiliates/`. They're the same concept — a partner driving traffic to offers. The API keeps the original `/affiliates/` path for backward compatibility. The **Marketplace** API (`/v1/partners/`) is a separate concept — marketplace partners are external users on `partners.everflow.io` who connect to networks through the Everflow marketplace.
</Note>

The helpdesk articles are the source of truth for UI navigation. We link out so this page stays current automatically when the platform UI changes.

## Key handling

* **Network and Marketplace API keys are shown only once** at creation — store them in a secrets manager or password vault immediately.
* **Affiliate and Advertiser API keys remain visible** to the network admin who created them in the platform UI. If you lose yours, ask the admin to re-share it; the admin doesn't need to issue a new key.
* Each Network API key has its own permission scopes — create narrowly scoped keys per integration rather than reusing a single admin key.
* If a key is compromised, revoke it immediately and issue a new one.
* For IP allowlists, MFA, and broader security configuration, see the [Security Settings guide](https://helpdesk.everflow.io/customer/how-to-best-utilize-security-settings).
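
The shell sketch below is an added example, not Everflow's own code. It reads the key from the environment instead of embedding it in the command, refuses to send a key to a path owned by a different portal, and classifies the `401` and `403` responses described above. The function names and the variables `EFLOW_API_KEY`, `EFLOW_KEY_PORTAL`, and `EFLOW_BASE_URL` are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not Everflow's code. EFLOW_API_KEY, EFLOW_KEY_PORTAL and
# EFLOW_BASE_URL are variable names assumed by this sketch.

# Map a request path to its portal (table under "API keys").
eflow_portal_for_path() {
  case "$1" in
    /v1/networks|/v1/networks/*)       echo network ;;
    /v1/affiliates|/v1/affiliates/*)   echo affiliate ;;
    /v1/advertisers|/v1/advertisers/*) echo advertiser ;;
    /v1/partners|/v1/partners/*)       echo marketplace ;;
    *) return 1 ;;
  esac
}

# Classify the HTTP status using the two auth errors this page documents.
eflow_explain_status() {
  case "$1" in
    2??) echo ok ;;
    401) echo missing-auth ;;   # "No Authentication Method Found"
    403) echo forbidden ;;      # e.g. "Out of realm": key type vs. path mismatch
    *)   echo "unexpected-$1" ;;
  esac
}

# GET path $1, writing the body to file $2. Pre-flight checks run before any
# network traffic; the key reaches curl on stdin (--config -), not in argv.
eflow_get() {
  ef_path=$1 ef_out=$2 ef_base=${EFLOW_BASE_URL:-https://api.eflow.team}
  [ -n "${EFLOW_API_KEY:-}" ] || { echo "EFLOW_API_KEY is not set" >&2; return 1; }
  ef_portal=$(eflow_portal_for_path "$ef_path") ||
    { echo "no portal for path $ef_path" >&2; return 2; }
  if [ -n "${EFLOW_KEY_PORTAL:-}" ] && [ "$EFLOW_KEY_PORTAL" != "$ef_portal" ]; then
    echo "refusing: $EFLOW_KEY_PORTAL key on $ef_portal path" >&2; return 3
  fi
  case $ef_base in https://*) ;; *) echo "base URL must be HTTPS" >&2; return 4 ;; esac
  case $EFLOW_API_KEY in
    *'"'*|*'\'*) echo "key would break curl config quoting" >&2; return 5 ;;
  esac
  ef_status=$(printf 'header = "X-Eflow-API-Key: %s"\n' "$EFLOW_API_KEY" |
    curl --silent --config - --header 'Accept: application/json' \
         --output "$ef_out" --write-out '%{http_code}' "$ef_base$ef_path")
  ef_verdict=$(eflow_explain_status "$ef_status")
  echo "$ef_verdict"
  [ "$ef_verdict" = ok ]
}
# Usage: EFLOW_KEY_PORTAL=network eflow_get /v1/networks networks.json
```

For accounts hosted on EU servers, set `EFLOW_BASE_URL=https://api-eu.eflow.team` before calling `eflow_get`.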

## Example requests

```bash Network API
curl -H "X-Eflow-API-Key: <your-network-api-key>" \
  https://api.eflow.team/v1/networks
```

```bash Affiliate API
curl -H "X-Eflow-API-Key: <your-affiliate-api-key>" \
  https://api.eflow.team/v1/affiliates/affiliate
```

```bash Advertiser API
curl -H "X-Eflow-API-Key: <your-advertiser-api-key>" \
  https://api.eflow.team/v1/advertisers/advertiser
```

```bash Marketplace API
curl -H "X-Eflow-API-Key: <your-marketplace-api-key>" \
  https://api.eflow.team/v1/partners/connections
```
