Step 1: Create an API key in the Rackbeat application

Navigate to Company settings > API:

Choose to create a new key and assign a name that fits the context of how you are planning to use the API key - e.g. for a specific integration.

By default an API key will be granted all permissions, but you can also choose specific API scopes by unticking "All permissions" and choosing which endpoints the key should have access to instead:

We offer the following API scopes for improved control and recommend that at least all permissions in a group are chosen:

Sales flow related permissions: access customers, access offers, access orders, access shipments, access customer invoices
Purchase flow related permissions: access suppliers, access purchasing, access receipts, access supplier invoices
Account settings related permissions: access users, access settings, access employees

Once you create the API key, you will be shown the API key for you to copy and keep safe in your files.

❗️
Store your API key securely and immediately
You will only be shown the API key once, so make sure to store it securely and immediately before closing the API key modal.

Step 2: Use your Personal Token to authenticate for Rackbeat's APIs

Authorization: Bearer [API_TOKEN]

When authenticating with the Rackbeat API, you must include a bearer token in the Authorization header of every request. The token should be formatted as seen above, where API_TOKEN or YOUR_AUTH_KEY is replaced with your actual API key. This bearer token serves as your credential to access protected resources and must be included alongside the required Content-Type and Accept headers (both typically set to "application/json").

💡
The Rackbeat API uses an authentication model with API scopes - so once authenticated with your API key, it depends on the chosen permissions which endpoints and data within your account you can access.

The API uses this token to identify your account and determine your access permissions for various endpoints. Without a valid bearer token, requests will be rejected with authentication errors.

Make sure to keep your API key secure and never expose it in client-side code or public repositories, as it provides full access to your account's data through the API.