Authenticating to the API

When submitting requests that require authentication, you'll need to ensure that you provide appropriate credentials with any requests.

Obtaining an API token

You can generate a service API token through the Katapult Console. Once you have generated this token, you can use it as described below. At present, it is not possible to authenticate to the API as a specific user but this functionality will be coming shortly (at which point you will need to provide a token provided by the user via an OAuth2 flow).

Authorization Header

This API requires that you send your API token as a bearer token in the Authorization header. For example:

Authorization: Bearer {api-token}

Potential errors

Any of the following errors may be raised on any request that requires authentication.

Details HTTP status


The API token provided was not valid (it may not exist or have expired)

403 Forbidden


No API token was provided in the Authorization header. Ensure a token is provided prefixed with Bearer

400 Bad Request


You have reached the rate limit for this type of request

429 Too Many Requests


Network is not allowed to access the API with this API token

403 Forbidden