Authentication & API credentials
The Itefy API uses API keys — long-lived bearer tokens, scoped to a single account.
Create an API key
Open the web app and go to Settings → API keys.
Click Create key and give it a descriptive name (e.g. "Warehouse sync").
Copy the generated token immediately — it is shown only once:
itf_live_<id>_<secret>Store it somewhere secure (a secrets manager / environment variable). Itefy only keeps a hash of the secret, so it cannot show it to you again. If you lose it, revoke the key and create a new one.
Plan requirement
External API keys are available on Business and Enterprise plans. On other plans the API keys page shows an upgrade prompt instead.
Authenticate a request
Send the token as a Bearer credential in the Authorization header:
Authorization: Bearer itf_live_<id>_<secret>The key is bound to one account, so you don't need to specify the account separately — and every record your integration creates is attributed to the key's owner for a full audit trail.
curl -H "Authorization: Bearer itf_live_<id>_<secret>" \
https://api.itefy.com/v1/whoamiA missing or invalid key returns 401 with error.code = invalid_api_key.
Rate limits
API-key traffic is limited to 120 requests per minute per key. Every response includes X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers; exceeding the limit returns 429 Too Many Requests. Back off and retry after the reset.
Revoke a key
In Settings → API keys, click Revoke next to a key. Revocation is immediate and permanent — any integration using that token will start receiving 401. Revoke keys that are unused or may have been exposed.
Next steps
- Usage examples — ready-to-run
curlcalls - API reference — every endpoint, interactively