Authentication

All partner API requests are authenticated with an API key passed as a Bearer token.

API keys

Create and manage your key from the API keys page. Your organisation has a single key. The full value is shown only at creation, so store it somewhere safe.

Making authenticated requests

Send the key in the Authorization header on every request:

curl https://api.appetitepos.com.au/v1/restaurants \
  -H "Authorization: Bearer sk_live_your_key_here"

Requests without a valid key return 401 Unauthorized.

Rotating keys

To rotate, revoke the existing key and create a new one. Revocation takes effect immediately, so update your integration promptly to avoid downtime.

Security best practices

  • Never embed keys in client-side code or commit them to source control.
  • Store keys in environment variables or a secrets manager.
  • Revoke any key you suspect has been exposed.
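
The following shell sketch is an added example, not code from the API provider: it reads the key from an environment variable, passes it to curl on stdin rather than on the command line, and reports a 401 as a missing, invalid or revoked key. The variable name APPETITE_API_KEY, the function names and the allowed key characters are assumptions.

```bash
#!/usr/bin/env bash
# Added example. APPETITE_API_KEY, auth_config, check_status and api_get are
# assumed names, not part of the partner API.
API_BASE="https://api.appetitepos.com.au/v1"

# Print a curl config line holding the Authorization header.
# Assumption: keys use only letters, digits, "_" and "-" (as in the sk_live_
# placeholder); anything else is rejected so it cannot break the quoting below.
auth_config() {
  local key="${APPETITE_API_KEY:-}"
  if [ -z "$key" ]; then
    echo "APPETITE_API_KEY is not set" >&2
    return 1
  fi
  case "$key" in
    *[!A-Za-z0-9_-]*)
      echo "APPETITE_API_KEY contains unexpected characters" >&2
      return 1 ;;
  esac
  printf 'header = "Authorization: Bearer %s"\n' "$key"
}

# Map an HTTP status to an exit code: 0 for 2xx, 3 for 401, 4 otherwise.
check_status() {
  case "$1" in
    2??) return 0 ;;
    401) echo "401 Unauthorized: key missing, invalid or revoked" >&2; return 3 ;;
    *)   echo "request failed with HTTP $1" >&2; return 4 ;;
  esac
}

# GET "$API_BASE/$1". The header reaches curl on stdin (--config -), so the key
# never appears in curl's argument list, which is visible in the process list.
api_get() {
  local cfg body status rc=0
  cfg="$(auth_config)" || return 1
  body="$(mktemp)" || return 1
  status="$(printf '%s\n' "$cfg" | curl --silent --show-error --config - \
    --output "$body" --write-out '%{http_code}' "$API_BASE/$1")" || rc=2
  if [ "$rc" -eq 0 ]; then
    check_status "$status" && cat "$body" || rc=$?
  fi
  rm -f "$body"
  return "$rc"
}
```

Source the file and call `api_get restaurants` with the key set by your secrets manager; exit code 3 after a rotation means the integration is still using the revoked key.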