Events APIs use HTTP Basic Authentication. Include this header in every request:
Authorization: Basic <base64(api_key:)>
The API key goes in the username field of HTTP Basic Auth. The password is always empty — note the trailing colon before Base64 encoding.
Authorization: Basic followed by Base64 of api_key: (API key + colon, empty password).
Where to find your API key
- Dashboard path: Workspace Settings → API Keys
- Create or manage keys in the Zixflow dashboard for your workspace.
Encoding example
# API key: ws_abc123
echo -n "ws_abc123:" | base64
# → d3NfYWJjMTIzOg==
Example request
curl -X POST "https://api-events.zixflow.com/v1/track" \
-H "Authorization: Basic d3NfYWJjMTIzOg==" \
-H "Content-Type: application/json" \
-d '{"userId": "user_123", "event": "Button Clicked"}'
Auth error responses
| HTTP Status | Reason |
|---|
401 Unauthorized | Missing, invalid, or unrecognised API key |
503 Service Unavailable | Auth cache temporarily unavailable |
See Events Errors for the full error response shape.
Do not use messaging ingest headers (x-api-key, x-workspace-id) with Events APIs. Those apply only to api-ai.zixflow.com.