API Quickstart

Use this path when your caller is a backend system integrating through the API chain.

Typical Sequence

1. provision an API key and secret
2. confirm the key's allowed scopes
3. sign the request with HMAC
4. call /api/v1/** endpoints only
5. handle scope and permission failures explicitly

Required Concepts

Read these before sending any API request:

1. Web vs API Chain
2. Authentication Models
3. Permissions and Scopes
4. Error Model

Critical Rule

Not every documented interface is API-key accessible. Only endpoints exposed on the API chain with declared scope support should be called this way.

Common 403 Causes

1. the endpoint belongs to /web/v1/**, not /api/v1/**
2. the endpoint has no API scope declaration
3. the API key does not have the required scope
4. the signature or timestamp handling is invalid

Next Step

If your integration is server-to-server, go to the domain guide that matches your business capability and confirm whether that domain supports API chain calls.