Authorizing a request

Requests are made on behalf of the user that allocated the API key and have access to the teams this user account may have access to.

For example, to retrieve the purchase orders for a specific team, with a team_id of 555, request:

GET /api/v1/teams/555/purchase_orders 
Authorization: YOUR_API_KEY

Keeping API keys secure is a collective responsibility. Therefore, make sure to follow best practices in security and rotate your security keys on a periodic rolling basis.

Requests with bad tokens, either invalid or expired, will receive a 401 status code with an unauthorized message.

If you do not have sufficient permissions to access a resource or perform an action a 403 status code will be generated.

If you need help feel free to submit a request to [email protected].