Authentication

All Core API endpoints are protected and require authentication.

The Core API is intended for server-to-server integrations and backend systems that interact with workflows and submitted orders.

Authentication method

Authentication for the Core API is performed in two steps:

  1. Authenticate using an API key

  2. Use the returned bearer token for subsequent API calls

Step 1: Obtain an API key

An API key is required to initiate authentication.

  • API keys are issued and managed manually

  • Keys are environment-specific (test and production)

  • To obtain an API key, contact the support team

API keys must be stored securely and must not be shared with unauthorized parties.

Step 2: Generate a bearer token

Once you have an API key, you must call the authentication endpoint to obtain a bearer token.

  • The API key is provided as part of the authentication request

  • If the key is valid, the API responds with a bearer token

  • The bearer token represents the authenticated session

Using the bearer token

The bearer token must be included in the Authorization header of all subsequent Core API requests:

Bearer tokens have a limited lifetime and must be renewed periodically by repeating the authentication process.

Error responses

Common authentication-related responses include:

  • 401 Unauthorized – Missing or invalid API key or token

  • 403 Forbidden – Authenticated but not authorized to access the resource
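The flow described above (authenticate with the API key, send the bearer token, renew it when it expires, treat 401 and 403 differently), as an added Python example; it is not code from the Core API documentation. The `authenticate` and `send` callables, the `CORE_API_KEY` variable name, the `Bearer` header scheme and the `token_ttl` default are assumptions, because this page does not give the endpoint URL, the request format or the token lifetime.

```python
import os
import time


class AuthError(Exception):
    """Credentials were rejected, or the caller is not authorized."""


class CoreApiSession:
    """Caches the bearer token and renews it by repeating authentication."""

    def __init__(self, api_key, authenticate, send, token_ttl=300, clock=time.monotonic):
        if not api_key:
            raise AuthError("no API key configured")
        self._api_key = api_key
        self._authenticate = authenticate  # hypothetical: api_key -> (status, token)
        self._send = send                  # hypothetical: (path, headers) -> (status, body)
        self._ttl = token_ttl              # assumed lifetime in seconds; use the real value
        self._clock = clock
        self._token, self._expires_at = None, 0.0

    def _renew(self):
        status, token = self._authenticate(self._api_key)
        if status != 200 or not token:
            raise AuthError(f"authentication failed with status {status}")
        self._token, self._expires_at = token, self._clock() + self._ttl

    def get(self, path):
        if self._token is None or self._clock() >= self._expires_at:
            self._renew()
        for attempt in (1, 2):
            headers = {"Authorization": f"Bearer {self._token}"}
            status, body = self._send(path, headers)
            if status == 401 and attempt == 1:
                self._renew()  # token rejected before the assumed expiry: renew once
                continue
            if status == 401:
                raise AuthError("401 after renewal: check the API key and environment")
            if status == 403:
                raise AuthError("403: authenticated but not authorized; renewing will not help")
            return status, body


def session_from_env(authenticate, send, var="CORE_API_KEY"):
    """Read the key from the environment (variable name is an assumption), never from source."""
    return CoreApiSession(os.environ.get(var, ""), authenticate, send)
```

Wrap your HTTP client in the two callables, and keep a separate key per environment (test and production) in a secret store or environment variable so it never lands in source control.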
