Authentication
All API requests require a valid API key passed in the Authorization header as a Bearer token.
Generating an API Key
Navigate to Settings
In the Reached dashboard, go to Settings > API.
Create a key
Click Create Key, give it a descriptive name (e.g., “Clay Integration” or “Zapier”), and confirm.
Copy the key
Your API key will be displayed once. Copy it and store it securely. It starts with rchd_live_.
Include your API key in every request using the Authorization header:
Authorization: Bearer rchd_live_a1b2c3d4e5f6789012345678901234567890abcd
Example Request
curl -X GET \
"https://kdjmltmhxvvmiuehafgl.supabase.co/functions/v1/api-gateway/v1/leads" \
-H "Authorization: Bearer rchd_live_a1b2c3d4e5f6789012345678901234567890abcd"
const response = await fetch(
"https://kdjmltmhxvvmiuehafgl.supabase.co/functions/v1/api-gateway/v1/leads",
{
headers: {
"Authorization": "Bearer rchd_live_a1b2c3d4e5f6789012345678901234567890abcd"
}
}
);
const data = await response.json();
import requests
response = requests.get(
"https://kdjmltmhxvvmiuehafgl.supabase.co/functions/v1/api-gateway/v1/leads",
headers={
"Authorization": "Bearer rchd_live_a1b2c3d4e5f6789012345678901234567890abcd"
}
)
data = response.json()
Authentication Errors
If your API key is missing, invalid, or revoked, the API returns a 401 Unauthorized response:
{
"error": {
"code": "unauthorized",
"message": "Invalid API key"
}
}
Keep your API keys secret. Do not share API keys in public repositories, client-side code, or insecure channels. If a key is compromised, revoke it immediately in Settings > API.
Key Management
| Action | How |
|---|
| Create | Settings > API > Create Key |
| Revoke | Settings > API > click the revoke button next to the key |
| Rotate | Revoke the old key and create a new one |
API keys are scoped to your company workspace. All data accessed through a key belongs to the workspace that created it.