Skip to main content

Authentication and authorization

To use our APIs, your identity must be verified (authentication) and your access rights confirmed (authorization). Your API keys are your credentials — keep them secret.

For most APIs, you exchange your API keys for a short-lived access token, then include that token in every API request.

  1. Your integration sends a request with API keys to the Access Token API.
  2. Access Token API returns an access token.
  3. Your integration sends an API request with the token in the Authorization header.
  4. The API returns a response.

When you're ready to implement, see the Access Token API to identify which method applies to you.

Last updated on