Authentication

Most FunnelFlux self-hosted v2 API requests authenticate with an API key passed as the apiKey query parameter:

Code
https://YOUR_FUNNELFLUX_DOMAIN/admin/api/v2/data/trafficsource/find/byId/index.php?apiKey=API_KEY

API keys are generated and managed inside your FunnelFlux installation. Store them as secrets in your integration environment and do not expose them in browser-side code, public repositories, logs, or analytics tools.

For endpoint-level details, see the API reference sections:

• Data API
• Stats API
• System API

API Keys

The data, stats, and system endpoints are designed for server-side automation and use API key authentication.

Use HTTPS for production installations. If your installation allows both HTTP and HTTPS, integrations should still prefer HTTPS unless they run only on a private trusted network.

If an API key is compromised, rotate it from your FunnelFlux installation and update any integration secrets that use it.

Example

Code
curl --request GET \
  'https://YOUR_FUNNELFLUX_DOMAIN/admin/api/v2/system/settings/version/index.php?apiKey=API_KEY'

Most unauthorized requests return 403. Check that the apiKey value is present, active, and being sent to the same FunnelFlux installation that issued it.