Setup & Authentication - CometChat Docs

The Campaigns REST API is a server-side API. It runs behind the CometChat Gateway, which authenticates and authorizes every request before forwarding it to the service. You authenticate by attaching a REST API key on every request. The service itself never validates tokens.

Server-only

These endpoints are intended for your back-end, the CometChat Dashboard, and your ops tools. Do not call them from a browser or a mobile client. Shipping a REST API key to an end-user client would expose full admin access to your app. End-user clients (mobile apps, in-app bell widgets) should integrate with the Campaigns SDK, which is the client-safe consumer surface for feed reads, unread counts, and engagement tracking.

Base URL

https://{appId}.api-{region}.cometchat.io/v3/campaigns

Regions: us, eu, in. Replace {appId} with your application ID.

Credentials

Generate a REST API key with fullAccess scope from your CometChat Dashboard. Send it on every request as the apikey header.

apikey: <your-rest-api-key>

App scoping is encoded in the base URL (https://{appId}.api-{region}.cometchat.io/v3/campaigns), so you do not need a separate appid header.

Sample headers

apikey: <your-rest-api-key>
content-type: application/json

Common auth errors

// 401. apikey missing or invalid
{
  "error": {
    "code": "ERR_UNAUTHORIZED",
    "message": "apikey header is required",
    "source": "campaigns-service"
  }
}

Multi-tenancy

Every entity is scoped to the {appId} in the base URL. Two apps cannot read each other’s feed items, templates, or channels. Don’t reuse an API key across apps; generate one per app from the Dashboard. For the full surface and the canonical response and error envelopes, see Overview. For the shared CometChat authentication model (API key scopes, auth tokens, security best practices), see Authentication.

Documentation Index

​Server-only

​Base URL

​Credentials

​Sample headers

​Common auth errors

​Multi-tenancy