Appearance
Authentication
All Partner API requests require a valid API key sent via the x-partner-api-key request header.
API Key Header
Include your API key in every request:
bash
curl -X GET "https://app.flyfruition.com/api/v1/partner/DEN/content" \
-H "x-partner-api-key: flyfru_pk_live_your_api_key_here"The header name x-partner-api-key is case-insensitive in HTTP, but we recommend using the lowercase form.
API Key Format
API keys follow the format flyfru_pk_{environment}_{random} where the prefix indicates the target environment:
| Environment | Prefix | Example |
|---|---|---|
| Production | flyfru_pk_live_ | flyfru_pk_live_a1b2c3d4e5f6g7h8i9j0k1l2 |
| Staging | flyfru_pk_stag_ | flyfru_pk_stag_a1b2c3d4e5f6g7h8i9j0k1l2 |
| Development | flyfru_pk_dev_ | flyfru_pk_dev_a1b2c3d4e5f6g7h8i9j0k1l2 |
Getting an API Key
- Contact the FlyFruition admin to create a partner account
- Request airport access (e.g., DEN) with the "content" scope
- An API key will be generated from the Partner Admin portal
- Store the key securely — it is shown only once at creation
WARNING
The full API key is displayed only once when it is created. It cannot be retrieved later. If you lose your key, contact your FlyFruition administrator to generate a new one.
Environment Matching
Use the correct key for each environment:
- Staging keys (
flyfru_pk_stag_) work only withhttps://dev-app.flyfruition.com - Production keys (
flyfru_pk_live_) work only withhttps://app.flyfruition.com
Using a staging key against the production URL (or vice versa) will return a 401 Unauthorized error.
Security Best Practices
- Never expose API keys in client-side code or public repositories
- Call the API from your backend server, not directly from browsers
- Rotate keys periodically and revoke any compromised keys immediately
- Store keys in environment variables or a secrets manager, not in source code