We currently support API key based authentication set via the X-API-KEY HTTP request header. You can find your organisation's API key in your organisation's settings.
Keep your API key safe!
Anyone with your organisation's API key can perform any operation supported by Appointedd's API on your organisation. We recommend against using our API directly from clients (such as a web application) and instead communicating with the Appointedd API from a server you control.
Cross-Origin Resource Sharing (CORS) is not supported
Because you cannot currently securely exchange and store API keys on browsers our API does not implement the required headers for Cross-Origin Resource Sharing (CORS) as it is not designed for this use case. This means that calls to the API directly from a browser will fail and this is considered expected behaviour. We recommend you implement a proxy server with client-server authentication patterns to communicate with our API from a browser client.