Authenticate every protected request with a Bearer API key.
Production endpoints expect a token in the Authorization header.
Header format
Authorization: Bearer YOUR_API_KEYVerified unauthenticated response
On the live production service discovery endpoint, a request without a key currently returns:
{
"code": "missing_api_key",
"message": "API Key required",
"data": {
"status": 401
}
}
Why this matters
This confirms the endpoint exists and the request format is recognized even when the caller is not yet authenticated.
Recommended request template
curl -X GET "https://api.gathlogistics.com/wp-json/gath/v1/services" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Accept: application/json"- Do not embed production API keys directly into public frontends.
- Store keys in environment variables or a secret manager.
- Proxy sensitive calls through your server when building customer-facing workflows.