# Authentication Supply'd's API uses Bearer Authentication over HTTPS, and all requests should include the normal HTTP authorisation header: `Authorization: Bearer ` ## Get an API key You can issue an API token via the Integration Settings page: 1. Log in to the Supply'd dashboard if you aren't logged-in already 2. On the top-right, click your name, then in the dropdown click Settings 3. Scroll down and click on Integrations, then switch to the API Keys tab 4. On the top-right, click the Add button, then fill out the form and click Save 5. Copy-paste and save your new API key 😊 ## Access permissions All of Supply'd's API endpoints are guarded according to your API key's access level, which is configured alongside your API key via the Integration Settings page. Some endpoints have mixed-permissions which will cause some data to be omitted if your API key has not been granted access, for example: 1. Purchase Order endpoints will not include Supplier details without access to Suppliers 2. Sales Order endpoints will not include Customer details without access to Customers The full list of permissions is specified in [Broken mention](broken://pages/8805b5d5f685e2c8cfa19fffdc6f1e532df017f7) under `ApiPermissions`, and you can check what permissions your API key has with the `/v1/whoami` endpoint. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.supplyd.co/api/authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.