Authentication

The Katana API uses token-based authentication, which means that API keys must be included in the Authorization header of all requests. Any request without a valid key will fail.

To generate a live API key:

  • Log in to your Katana account
  • Go to Settings > API
  • Select Add new API key

Never use API keys in the frontend of your application, as malicious users could discover them in your source code. Only include API keys on your server.

We recommend limiting live API key access to the minimum number of people necessary.

Do not embed API keys into your backend code (even if it’s private) because this increases the risk of discovery. Instead, API keys should be stored in configuration files or environment variables.

Example

curl --request GET \
  --url https://api.katanamrp.com/v1/products \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer <API key>'
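
The guidance above on keeping keys out of code can be applied to the same request as follows. This is an added example, not part of the Katana documentation: it reads the key from an environment variable and hands the header to curl over stdin, so the key is in neither the script nor the process's argument list. The variable name KATANA_API_KEY, the function names, and the assumption that keys use only the RFC 6750 bearer-token character set are this example's own.

```shell
# Added example. KATANA_API_KEY is an assumed variable name, not one
# defined by Katana; set it in the server's environment, not in this file.

# Print a curl config (for `curl --config -`) carrying the auth header.
# Fails closed when the key is missing or contains characters that could
# close the quoted config value or inject an extra header line.
katana_curl_config() {
  if [ -z "${KATANA_API_KEY:-}" ]; then
    echo "KATANA_API_KEY is not set" >&2
    return 1
  fi
  case "$KATANA_API_KEY" in
    *[!A-Za-z0-9._~+/=-]*)
      # Assumption: keys stay within the RFC 6750 token character set.
      echo "KATANA_API_KEY contains unexpected characters" >&2
      return 1
      ;;
  esac
  printf 'header = "Accept: application/json"\n'
  printf 'header = "Authorization: Bearer %s"\n' "$KATANA_API_KEY"
}

# GET an API path such as /v1/products.
katana_get() {
  # Build the config first: piping katana_curl_config straight into curl
  # would still send an unauthenticated request if the check failed.
  cfg="$(katana_curl_config)" || return 1
  printf '%s\n' "$cfg" | curl --silent --show-error --fail --config - \
    --request GET --url "https://api.katanamrp.com$1"
}

# Usage (performs a live request):
#   katana_get /v1/products
```
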

OAuth

If you're building a publicly-available app that accesses others' data, we have OAuth 2.0 authentication available. Contact us for further details on how to incorporate OAuth 2.0 into your authentication.