Authorizing a request
Requests are made on behalf of the user that allocated the API key and have access to the teams this user account may have access to.
For example, to retrieve the purchase orders for a specific team, with a team_id
of 555, request:
GET /api/v1/teams/555/purchase_orders
HTTP/1.1
Authorization: YOUR_API_KEY
Keeping API keys secure is a collective responsibility. Therefore, make sure to follow best practices in security and rotate your security keys on a periodic rolling basis.
Requests with bad tokens, either invalid or expired, will receive a 401
status code with an unauthorized
message.
If you do not have sufficient permissions to access a resource or perform an action a 403
status code will be generated.
If you need help feel free to submit a request to [email protected].
Updated almost 2 years ago