Skip to main content
The Direct API authenticates every request with an API key passed in the x-api-key header.
curl https://api.direct.reap.global/v1/health \
  -H "x-api-key: YOUR_API_KEY"

API keys

  • Keys are issued per business. Contact your Reap account manager to obtain one.
  • Keys carry scopes that limit which endpoints they can call.
  • Requests without a valid key receive 401 Unauthorized; requests with a valid key but insufficient scope receive 403 Forbidden.
Treat API keys like passwords. Store them in a secrets manager, never commit them to source control, and rotate them immediately if exposed.