Authentication

Supply'd's API uses Bearer Authentication over HTTPS, and all requests should include the normal HTTP authorisation header:

Authorization: Bearer <token>

Get an API key

You can issue an API token via the Integration Settings page:

1. Log in to the Supply'd dashboard if you aren't logged-in already

2. On the top-right, click your name, then in the dropdown click Settings

3. Scroll down and click on Integrations, then switch to the API Keys tab

4. On the top-right, click the Add button, then fill out the form and click Save

5. Copy-paste and save your new API key 😊

Access permissions

All of Supply'd's API endpoints are guarded according to your API key's access level, which is configured alongside your API key via the Integration Settings page.

Some endpoints have mixed-permissions which will cause some data to be omitted if your API key has not been granted access, for example:

1. Purchase Order endpoints will not include Supplier details without access to Suppliers

2. Sales Order endpoints will not include Customer details without access to Customers

The full list of permissions is specified in under ApiPermissions, and you can check what permissions your API key has with the /v1/whoami endpoint.