Introduction
Authentication
All API requests must be authenticated using a Bearer token in the Authorization header.
API keys
API keys use the sk_ prefix and are created from your Liveday dashboard under Settings > API Keys. Each key is assigned one or more scopes that control which endpoints it can access.
curl "https://api.liveday.se/analytics_search/api/transactions" \
-H "Authorization: Bearer sk_your_api_key"
The Authorization header accepts both formats:
Authorization: Bearer sk_...
Authorization: sk_...
Keep your keys secret
Never expose your API keys in client-side code, public repositories, or any publicly accessible location. Use environment variables to store them securely. If a key is compromised, revoke it immediately from the dashboard.
Scopes
Each API key has one or more scopes that determine its access level:
| Scope | Description |
|---|---|
orders:read | Read transaction and order data |
orders:write | Create or modify orders |
customers:read | Read customer information |
customers:write | Create or modify customers |
integrations:read | Read integration configuration |
integrations:write | Modify integrations |
webhooks:read | Read webhook configuration |
* | Full access to all endpoints |
If your API key lacks the required scope for an endpoint, you'll receive a 403 Forbidden response.
Error responses
If authentication fails, you will receive a 401 Unauthorized response:
{
"error": "Invalid or missing API key.",
"trace_id": "abc123def456"
}
If your key lacks the required scope:
{
"error": "Insufficient permissions. Required scope: orders:read",
"trace_id": "abc123def456"
}
Organization scoping
All data returned by the API is automatically scoped to the organization that owns the API key. You cannot access data from other organizations.