The Direct API authenticates every request with an API key passed in the
x-api-key header.
curl https://api.direct.reap.global/v1/health \
-H "x-api-key: YOUR_API_KEY"
API keys
- Keys are issued per business. Contact your Reap account manager to obtain one.
- Keys carry scopes that limit which endpoints they can call.
- Requests without a valid key receive
401 Unauthorized; requests with a valid
key but insufficient scope receive 403 Forbidden.
Treat API keys like passwords. Store them in a secrets manager, never commit
them to source control, and rotate them immediately if exposed.