> ## Documentation Index
> Fetch the complete documentation index at: https://www.cometchat.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Setup & Authentication

> Credentials, headers, and base URL for the Campaigns REST API.

The Campaigns REST API is a **server-side API**. It runs behind the CometChat Gateway, which authenticates and authorizes every request before forwarding it to the service. You authenticate by attaching a REST API key on every request. The service itself never validates tokens.

### Server-only

These endpoints are intended for your back-end, the CometChat Dashboard, and your ops tools. Do not call them from a browser or a mobile client. Shipping a REST API key to an end-user client would expose full admin access to your app.

End-user clients (mobile apps, in-app bell widgets) should integrate with the Campaigns SDK, which is the client-safe consumer surface for feed reads, unread counts, and engagement tracking.

### Base URL

```
https://{appId}.api-{region}.cometchat.io/v3/campaigns
```

Regions: `us`, `eu`, `in`. Replace `{appId}` with your application ID.

### Credentials

Generate a **REST API key** with `fullAccess` scope from your CometChat Dashboard. Send it on every request as the `apikey` header.

```http theme={null}
apikey: <your-rest-api-key>
```

App scoping is encoded in the base URL (`https://{appId}.api-{region}.cometchat.io/v3/campaigns`), so you do not need a separate `appid` header.

### Sample headers

```http theme={null}
apikey: <your-rest-api-key>
content-type: application/json
```

### Common auth errors

```jsonc theme={null}
// 401. apikey missing or invalid
{
  "error": {
    "code": "ERR_UNAUTHORIZED",
    "message": "apikey header is required",
    "source": "campaigns-service"
  }
}
```

### Multi-tenancy

Every entity is scoped to the `{appId}` in the base URL. Two apps cannot read each other's feed items, templates, or channels. Don't reuse an API key across apps; generate one per app from the Dashboard.

For the full surface and the canonical response and error envelopes, see [Overview](/rest-api/campaigns-apis/overview).

For the shared CometChat authentication model (API key scopes, auth tokens, security best practices), see [Authentication](/rest-api/authentication).