Authentication

The Katana API uses token-based authentication, which means that API keys must be included in the Authorization header of all requests. Any request without a valid key will fail.

Authentication for custom integrations

To generate a live API key:

  • Log in to your Katana account
  • Go to Settings > API
  • Select Add new API key

Never use API keys in the frontend of your application, as malicious users could discover them in your source code. Only include API keys on your server.

We recommend limiting live API key access to the minimum number of people necessary.

Do not embed API keys into your backend code (even if it’s private) because this increases the risk of discovery. Instead, API keys should be stored in configuration files or environment variables.

Example

curl --request GET \
  --url https://api.katanamrp.com/v1/products \
  --header 'Accept: application/json' \
  --header 'Authorization: Bearer <API key>'
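
The same request with the key taken from an environment variable on the server instead of being written into the script, as recommended above. This is an added example, not Katana's own code; the variable name KATANA_API_KEY and the function names are assumptions, and the character check follows the generic Bearer token syntax (RFC 6750), not a documented Katana key format.

```shell
#!/bin/sh
# Added example (not from the Katana docs). KATANA_API_KEY is an assumed
# variable name; set it in the server's environment or secret store, never
# in source control or in anything shipped to the browser.

# Print a curl config fragment carrying the request headers.
# Returns non-zero when the key is missing or malformed, so a misconfigured
# deployment stops here instead of sending a request that will fail.
katana_curl_config() {
  if [ -z "${KATANA_API_KEY:-}" ]; then
    echo "KATANA_API_KEY is not set" >&2
    return 1
  fi
  # Allow only RFC 6750 token characters. A quote or newline in the value
  # would otherwise break out of the quoted config line below.
  case "$KATANA_API_KEY" in
    *[!A-Za-z0-9._~+/=-]*)
      echo "KATANA_API_KEY contains unexpected characters" >&2
      return 1
      ;;
  esac
  printf 'header = "Accept: application/json"\n'
  printf 'header = "Authorization: Bearer %s"\n' "$KATANA_API_KEY"
}

# GET a v1 resource, e.g. `katana_get products`.
# The headers reach curl on stdin (--config -), so the key does not appear
# in curl's argument list, where `ps` or process auditing could record it.
katana_get() {
  katana_curl_config >/dev/null || return 1
  katana_curl_config | curl --silent --show-error --fail \
    --config - \
    --request GET \
    --url "https://api.katanamrp.com/v1/$1"
}
```

Call `katana_get products` from a shell where KATANA_API_KEY is already set; `--fail` makes curl exit non-zero on an HTTP error such as a rejected key.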

Authentication for App Partners using OAuth

If you're building a publicly-available app that accesses others' data, we require OAuth 2.0 authentication. Read more on incorporating OAuth 2.0 into your authentication.