From 9f14528684f49e2702e33f40161e035fce4e1ea5 Mon Sep 17 00:00:00 2001
From: Traian Vila <traian@turnkey.io>
Date: Fri, 19 Sep 2025 13:11:59 +0300
Subject: [PATCH] add shadowing note

---
 authentication/email.mdx | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/authentication/email.mdx b/authentication/email.mdx
index 618bc23f..49d42278 100644
--- a/authentication/email.mdx
+++ b/authentication/email.mdx
@@ -73,6 +73,8 @@ For OTP Auth signup and login flows you will need a user with the following poli
 }
 ```
 
+**Note:** Avoid using an API key that is also present in the sub-organization that you're targeting within the email activities. Turnkey identifies the user from the request signature and in case of an identical API key it will always prioritize the sub-organization user matching. As a result, it will try to evaluate the sub-organization policies instead of the parent ones.
+
 ## User experience
 
 ### OTP-based authentication flow