Bearer token
Send your API key in the Authorization header:
Authorization: Bearer <api_key>
Keys are scoped to a single tenant. Each key only returns inventory for the brand it was issued to.
Security requirements
- Store API keys on your servers only. Never ship keys to browsers, mobile apps, or public repositories.
- Rotate keys immediately if you suspect exposure.
- Use HTTPS for all requests (the production endpoint enforces TLS).
- The health action is the only call that works without a key.
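
A server-side sketch of the requirements above, as an added example that is not Keystone's own code. The environment variable name KEYSTONE_API_KEY, the helper names and the api.example.invalid URL are assumptions, since the page does not give them.

```python
import os
import urllib.request
from urllib.parse import urlsplit

KEY_ENV_VAR = "KEYSTONE_API_KEY"  # assumed name; the docs do not define one


class ConfigError(RuntimeError):
    """Raised when the key is missing or malformed."""


def load_api_key(env=os.environ):
    """Read the key from the server's environment, never from source code."""
    key = env.get(KEY_ENV_VAR, "").strip()
    if not key:
        raise ConfigError(f"{KEY_ENV_VAR} is not set")
    if any(c.isspace() for c in key):
        # Embedded whitespace or newlines would corrupt the header.
        raise ConfigError("API key contains whitespace")
    return key


def build_request(url, api_key):
    """Attach the bearer token only to an https:// URL."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    req = urllib.request.Request(url)
    req.add_header("Authorization", f"Bearer {api_key}")
    return req


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """urllib copies Authorization onto redirected requests; refuse instead."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # the 3xx response then surfaces as an HTTPError


def redacted_headers(req):
    """Header view that is safe to write to logs."""
    return {k: "Bearer ***" if k.lower() == "authorization" else v
            for k, v in req.header_items()}


def send(req, timeout=10):
    """Send with redirects disabled so the key never follows a 3xx."""
    return urllib.request.build_opener(NoRedirect).open(req, timeout=timeout)
```

Log `redacted_headers(req)` rather than the request itself, so a key never lands in application logs.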
Requesting a key
Contact your Keystone account representative or email support@keystoneb2b.io. Include your company name and the integration environment (production or staging).