API Access for Users and Services
API Access Defined by Users and Permissions
- Each user has an API Key that, when enabled, allows API access from a http client.
- That user's permissions are applied when allowing the API request.
- This allows for granular API permissions per-service
- Token auth is restricted to access from KoalaBrain terminals only
Master API Key
- The master API Key is set in your env file and grants TOTAL AND UNRESTRICTED ACCESS to the system. KoalaBrain online uses it to access your POS system. Do not share this key with anyone, and it is recommended it not be used for your API calls in favour of having a revokable API user with their own key.