I wish to use the Sumtracker API, and I want to connect and do a basic get for this endpoint.
Let's say that my API key is 1234567890abc. The code is here:
import requests
url = "https://inventory-api.sumtracker.com/api/version/2025-03/products/"
headers = {
"accept": "application/json",
"Authorization": "1234567890abc"
}
response = requests.get(url, headers=headers)
The response gives a 403 and the text is:
{"type":"client_error","errors":[{"code":"permission_denied","detail":"You do not have permission to perform this action.","attr":null}]}
This suggests to me that the API key is not working correctly. This is the exact example that they give on their website so I have to presume it is correct.
That said, on their authentication section, it says this:
Authorization: Api-Key <api-key-value>Lets say the API key is dv7dm.asm1hga2seks4uybay22hyuar
Then, the value of the header will be
Api-Key dv7dm.asm1hga2seks4uybay22hyuar
Does this mean that the API key should also include that text? I have tried using this line:
"Authorization": "Api-Key 1234567890abc"
but it didn't seem to make a difference. Is it typical that the authorization will contain more than just the key itself?
Authorizationheaders should have a scheme (in this caseApi-Key) in the value, yes. If it still doesn't work when you set it correctly, as in your second example, you'll have to contact the providers of the API - there's nothing we can do about that.Authorizationwith wordBearer, other withBasicor withApi-Key, and other with something else. Maybe they expect to use different methods for authorization and they need this word to recognize what method you used.