Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.foxreach.io/llms.txt

Use this file to discover all available pages before exploring further.

API Key Authentication

The FoxReach API uses API keys to authenticate requests. All API requests must include your API key in the X-API-Key header. 
curl -X GET https://api.foxreach.io/api/v1/leads \
  -H "X-API-Key: otr_your_api_key_here"

Creating an API Key

1

Navigate to Settings

Open the dashboard and go to Settings > API Keys.
2

Create a new key

Click Create API Key, give it a descriptive name (e.g., “CRM Integration”), and select the scopes you need.
3

Copy your key

Your full API key is shown only once after creation. Copy it and store it securely.
Your API key is shown only once at creation time. If you lose it, you’ll need to create a new one.

Key Format

API keys follow the format otr_ followed by a random string: 
otr_a1b2c3d4e5f6g7h8i9j0...
The otr_ prefix helps you identify FoxReach API keys in your codebase.

Scopes

Each API key has one or more scopes that control what actions it can perform:
ScopeDescription
readRead access to all resources (leads, campaigns, accounts, templates, webhooks)
writeCreate, update, and delete resources
By default, new keys are created with both read and write scopes.

Workspace Scoping

API keys are scoped to a specific workspace. All resources accessed through an API key are limited to that workspace’s data. This means:
  • A key created in Workspace A cannot access data in Workspace B
  • Resources created via the API are automatically assigned to the key’s workspace

Security Best Practices

API keys should only be used in server-side code. Never include them in JavaScript bundles, mobile apps, or any code that runs in the browser.
Store your API key in environment variables rather than hardcoding it:
export FOXREACH_API_KEY="otr_your_key_here"

import os
api_key = os.environ["FOXREACH_API_KEY"]
Create new keys periodically and revoke old ones. You can have multiple active keys at once to enable zero-downtime rotation.
If your integration only needs to read data, create a key with only the read scope.

Error Responses

If authentication fails, the API returns a 403 error: 
{
  "detail": "Invalid or missing API key"
}
Common causes:
  • Missing X-API-Key header
  • Invalid or revoked API key
  • Expired API key