Skip to content

Authentication & API credentials

The Itefy API uses API keys — long-lived bearer tokens, scoped to a single account.

Create an API key

  1. Open the web app and go to Settings → API keys.

  2. Click Create key and give it a descriptive name (e.g. "Warehouse sync").

  3. Copy the generated token immediately — it is shown only once:

    itf_live_<id>_<secret>
  4. Store it somewhere secure (a secrets manager / environment variable). Itefy only keeps a hash of the secret, so it cannot show it to you again. If you lose it, revoke the key and create a new one.

Settings → API keys.

Plan requirement

External API keys are available on Business and Enterprise plans. On other plans the API keys page shows an upgrade prompt instead.

Authenticate a request

Send the token as a Bearer credential in the Authorization header:

Authorization: Bearer itf_live_<id>_<secret>

The key is bound to one account, so you don't need to specify the account separately — and every record your integration creates is attributed to the key's owner for a full audit trail.

bash
curl -H "Authorization: Bearer itf_live_<id>_<secret>" \
  https://api.itefy.com/v1/whoami

A missing or invalid key returns 401 with error.code = invalid_api_key.

Rate limits

API-key traffic is limited to 120 requests per minute per key. Every response includes X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers; exceeding the limit returns 429 Too Many Requests. Back off and retry after the reset.

Revoke a key

In Settings → API keys, click Revoke next to a key. Revocation is immediate and permanent — any integration using that token will start receiving 401. Revoke keys that are unused or may have been exposed.

Next steps