The Katana API uses token-based authentication, which means that API keys must be included in the Authorization
header of all requests. Any request without a valid key will fail.
To generate a live API key:
- Log in to your Katana account
- Go to Settings > API
- Select Add new API key
Never use API keys in the frontend of your application, as malicious users could discover them in your source code. Only include API keys on your server.
We recommend limiting live API key access to the minimum number of people necessary.
Do not embed API keys into your backend code (even if it’s private) because this increases the risk of discovery. Instead, API keys should be stored in configuration files or environment variables.
curl --request GET \
--url https://api.katanamrp.com/v1/products \
--header 'Accept: application/json'
--header 'Authorization:Bearer <API key>'
OAuth
If you're building a publicly-available app that accesses others' data, we have OAuth 2.0 authentication available. Contact us for further details on how to incorporate OAuth 2.0 into your authentication.