Authentication
All Partner API requests require authentication using a Bearer token in the Authorization header.
Token Format
API tokens follow a structured format that indicates the environment:
rt_sk.{environment}.{random_32_chars}
Making Authenticated Requests
Include your API token in the Authorization header of every request:
curl -H "Authorization: Bearer rt_sk.prod.a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6" \
https://roundtable.eu/api/partners/v1/health
Getting Your API Credentials
API tokens are issued by your Roundtable account manager.
Security Best Practices
- Never share your API token or commit it to version control
- Store tokens securely using environment variables or a secrets manager
- Use the minimum required scopes for your integration
- Rotate tokens periodically by requesting a new token from your account manager
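To back up the first practice in the list above, here is an added example (not Roundtable's own code) of a pre-commit style scanner that finds tokens in the documented rt_sk.{environment}.{random_32_chars} format and prints them redacted. The character sets for the environment and random segments, the function names and the sample text are assumptions made for illustration.

```python
"""Scan text for Roundtable-style API tokens before it reaches version control."""
import re
import sys

# Assumption: the environment segment is a short label and the random part is
# exactly 32 ASCII letters/digits, as in the page's example token.
TOKEN_RE = re.compile(
    r"(?<![A-Za-z0-9_])rt_sk\.([A-Za-z0-9_-]{1,16})\.([A-Za-z0-9]{32})(?![A-Za-z0-9])"
)


def redact(token: str) -> str:
    """Keep prefix and environment, hide all but the last 4 secret characters."""
    prefix, env, secret = token.split(".", 2)
    return f"{prefix}.{env}.{'*' * 28}{secret[-4:]}"


def find_tokens(text: str):
    """Return (line_number, environment, redacted_token) for each match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in TOKEN_RE.finditer(line):
            findings.append((lineno, m.group(1), redact(m.group(0))))
    return findings


def scan_files(paths):
    """Scan files; a non-zero count should block the commit."""
    total = 0
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, env, shown in find_tokens(fh.read()):
                print(f"{path}:{lineno}: {env} token {shown}")
                total += 1
    return total


# Constructed sample input; the token is the documentation example from this page.
SAMPLE = """\
API_URL=https://roundtable.eu/api/partners/v1/health
API_TOKEN=rt_sk.prod.a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6
PLACEHOLDER=rt_sk.prod.{random_32_chars}
TOO_LONG=rt_sk.prod.a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6zz
"""

if __name__ == "__main__":
    sys.exit(1 if scan_files(sys.argv[1:]) else 0)
```

Run it with the staged file paths as arguments; it exits with status 1 when any token is found, so it can be used as a commit hook.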
Token Scopes
Each token is issued with specific scopes that determine what data it can access. Scopes follow the pattern {resource}:read or {resource}:write. Examples:
| Scope | Access |
|---|---|
| system:read | Health check and system monitoring |
| users:read | Read user profiles |
| deals:read | Read investment deals |
For the complete list of available scopes, see the API Reference security section.
Your token's scopes are set when the token is created. Contact your account manager to modify scope access.
Authentication Errors
| Status | Error Code | Description |
|---|---|---|
| 401 | UNAUTHORIZED | Missing or invalid token |
| 403 | FORBIDDEN | Token lacks required scope for this endpoint |
If you receive a 401 Unauthorized response, verify that:
- The Authorization header is present and correctly formatted
- The token is valid and has not been revoked
- You're using the correct environment (production vs sandbox)