The DoorLoop API uses API keys to authenticate requests. You can view and manage your API keys under "Zapier & API Keys" in your company settings.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Authentication to the API is performed via bearer auth in the request Authorization header.


Please refer to the request sample code below, specifically the Authorization header, which contains the word "bearer" followed by a space and an API token:

url --request GET \
2     --url \
3     --header 'Accept: application/json' \
4     --header 'Authorization: bearer your_api_token_goes_here'


Authentication Requirements

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.


Access denied: The 405 error

Each API token is assigned an access role which limits it's access to some endpoints. If you receive a 405 METHOD_NOT_ALLOWED Error http error, this simply means the API token being used or the user on which behalf the token was created does not have access to this specific resource or method.