Authentication

Authenticate every protected request with a Bearer API key.

Production endpoints expect a token in the Authorization header.

Header format

Authorization: Bearer YOUR_API_KEY

Verified unauthenticated response

On the live production service discovery endpoint, a request without a key currently returns the following JSON: 

{
  "code": "missing_api_key",
  "message": "API Key required",
  "data": {
    "status": 401
  }
}
Why this matters This response confirms the endpoint exists and that the request format is recognized, even when the caller is not yet authenticated.

Recommended request template

curl -X GET "https://api.gathlogistics.com/wp-json/gath/v1/services" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Accept: application/json"

Key handling guidance

  • Do not embed production API keys directly into public frontends.
  • Store keys in environment variables or a secret manager.
  • Proxy sensitive calls through your server when building customer-facing workflows.
Need credentials? Request API access from the GATH team before attempting quote or order flows.