The Katana API uses token-based authentication, which means that API keys must be included in the Authorization
header of all requests. Any request without a valid key will fail.
Authentication for custom integrations
To generate a live API key:
- Log in to your Katana account
- Go to Settings > API
- Select Add new API key
Never use API keys in the frontend of your application, as malicious users could discover them in your source code. Only include API keys on your server.
We recommend limiting live API key access to the minimum number of people necessary.
Do not embed API keys into your backend code (even if it’s private) because this increases the risk of discovery. Instead, API keys should be stored in configuration files or environment variables.
Example
curl --request GET \
--url https://api.katanamrp.com/v1/products \
--header 'Accept: application/json' \
--header 'Authorization: Bearer <API key>'
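The storage advice above can be applied on the server as in the following sketch. It is an added example, not Katana's own code. The environment variable name `KATANA_API_KEY` and the optional key file are assumptions, and the file permission check applies to POSIX systems.

```python
import os
import stat
import urllib.request

API_URL = "https://api.katanamrp.com/v1/products"  # endpoint from the curl example

def load_api_key(env_var="KATANA_API_KEY", key_file=None):
    """Return the key from the environment, else from an owner-only key file.

    The variable name and the key file are assumptions made for this example.
    """
    key = os.environ.get(env_var, "").strip()
    if key:
        return key
    if key_file:
        mode = os.stat(key_file).st_mode
        # Refuse a key file that group or other users can read, write or execute.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{key_file} must be owner-only (chmod 600)")
        with open(key_file, encoding="utf-8") as fh:
            key = fh.read().strip()
        if key:
            return key
    raise RuntimeError(f"no API key: set {env_var} or provide a key file")

def redact(key):
    """Return a form of the key that is safe to write to logs."""
    return "*" * 8 + key[-4:] if len(key) > 8 else "*" * 8

def build_request(key, url=API_URL):
    """Build (but do not send) a GET request carrying the Bearer token."""
    if "\r" in key or "\n" in key:
        raise ValueError("API key contains a line break")
    return urllib.request.Request(url, headers={
        "Accept": "application/json",
        "Authorization": f"Bearer {key}",
    })

if __name__ == "__main__":
    api_key = load_api_key()
    print("using key", redact(api_key))
    with urllib.request.urlopen(build_request(api_key), timeout=10) as resp:
        print(resp.status)
```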
Authentication for App Partners using OAuth
If you're building a publicly-available app that accesses others' data, we require OAuth 2.0 authentication. Read more on incorporating OAuth 2.0 into your authentication.