Documentation

Authentication

All /api/v1 routes require a unifeed API key. Multi-tenant apps pass a tenant ID on each request.

API keys

Generate keys in the dashboard. Send the key as a Bearer token on every request:

Authorization: Bearer unifeed_xxxxxxxx

Invalid or missing keys return 401 Unauthorized.

Tenants

unifeed isolates connected accounts and posts by tenant (typically your workspace or customer ID). Most endpoints require a tenant ID via:

tenant_id in the JSON body, or
X-Tenant-Id request header

The API key owner must have access to the tenant. Otherwise unifeed returns 403 Forbidden.

Example

Authenticated request

curl "https://unifeed.social/api/v1/social-accounts?tenantId=ws_abc123" \
  -H "Authorization: Bearer unifeed_YOUR_KEY" \
  -H "X-Tenant-Id: ws_abc123"

Dashboard vs API auth

The unifeed dashboard uses session cookies (unifeed-auth.*) via better-auth. The public /v1 API uses Bearer keys only — no session cookie required for server-to-server calls.