Authentication & API Tokens

All API endpoints require valid authentication to allow access. An API token can be generated in the Integrations Hub section of the Everee web app:

The API token, and the numerical tenant/company ID, should be included in all requests using two headers:

authorization: basic [API token encoded as base64]
x-everee-tenant-id: [numerical tenant or company ID]

Note that if your API token begins with sk_, you will need to Base64-encode the token before including it in your authorization header.

Once an API token has been deleted or rotated, and it has expired, it will no longer be valid for authentication and any requests using that token will respond with an HTTP 401 error.

Managing access for multiple Company instances

An API token is tied to one company instance and grants access only to that instance while active. Clients integrating with multiple company instances must store a token and an ID for each company, and select the appropriate API token and ID for each request to perform operations in each company.