Skip to main content

Authentication

API Keys (Current)

Fieldkit Public API v1 uses managed API keys during beta rollout.

Send your key on every request:

X-Public-API-Key: <key>

Keys are:

  • scoped (least-privilege)
  • revocable/rotatable
  • tenant-scoped (your key can only access your resources)

Scopes

Scopes are assigned per key. Planned v1 scope set:

  • products:read
  • quotes:write, quotes:read
  • orders:write, orders:read
  • shipments:read
  • invoices:read
  • webhooks:write, webhooks:read

OAuth (Planned)

OAuth2 client credentials is available in v1 so integrations can use short-lived bearer tokens.

  1. Request a token: POST /public/v1/oauth/token
  2. Use it on requests: Authorization: Bearer <access_token>

See API Reference -> OAuth Token for examples.