Every request to the API requires two authentication headers. These credentials identify your CometChat app and authorize access to its resources.
How do I authenticate?
Include the following headers on every API request:
| Header | Description |
|---|
appid | Your CometChat App ID — uniquely identifies your CometChat app |
apikey | Your CometChat API Key — authorizes the request |
curl https://{appId}.api-{region}.cometchat.io/v3/business-messaging/api/channels \
-H "appid: YOUR_APP_ID" \
-H "apikey: YOUR_API_KEY"
Keep your apiKey secret. Do not expose it in client-side code or public repositories.
How does app scoping work?
All resources are scoped to a CometChat app. The appid header determines which app’s data you are accessing. Channels, templates, campaigns, and analytics are all isolated per app.
This means:
- Each CometChat App ID represents a separate app with its own isolated data
- Resources created under one
appid are invisible to other apps
- You can manage multiple apps by switching the
appid header
Both headers are required on every request. Omitting either one returns a 401 Unauthorized error.
Where do I find my credentials?
- Log in to the CometChat Dashboard
- Select your application
- Navigate to API & Auth Keys
- Copy your App ID and API Key
What errors can I expect?
| Status Code | Reason |
|---|
401 | Missing or invalid appid or apikey |
403 | Valid credentials but insufficient access |
