# Authentication

All API requests must include a valid API key. Keys can be generated in your Wolfeo account under Settings → API.

WARNING

API keys are tied to a paid account. Free trial accounts cannot generate keys.

# Bearer Token (Recommended)

Pass the key in the Authorization header:

curl --request GET "https://api.wolfeo.me/v1/contact?contact_id=1" \
  --header "Authorization: Bearer YOUR_API_KEY"

# Query Parameter (Legacy)

For backward compatibility you can pass the key as api_key in the query string. This method is not recommended for new integrations as URLs (including keys) may appear in server logs.

curl --request GET "https://api.wolfeo.me/v1/contact?contact_id=1&api_key=YOUR_API_KEY"

# Invalid Key

If the key is missing or invalid, every endpoint returns:

{
    "success": false,
    "error": {
        "code": "UNAUTHORIZED",
        "message": "Invalid or missing API key"
    }
}

HTTP status: 401 Unauthorized

# Key Management

You can create multiple keys (e.g. one per integration).
Keys can be named to track which application is using them.
A key can be disabled at any time from Settings → API without deleting it.
Deleting a key immediately revokes all access for that integration.

# What's next

Errors & Status Codes — understand error codes and HTTP statuses
Contacts — create and manage contacts via the API

← Introduction Errors & Status Codes →