Authentication

All API requests require authentication via an API key passed as a Bearer token in the Authorization header.

Creating an API key

  1. Sign in to the dashboard.
  2. Navigate to Settings > API Keys.
  3. Click Create API Key.
  4. Select the key scope:
    • Personal: inherits your user permissions, acts on your behalf.
    • Organization: org-level access, not tied to a specific user.
  5. Copy the generated key. It is displayed only once.

Warning

Store API keys securely. If a key is compromised, revoke it from the Settings page immediately and create a new one.

Using an API key

Pass the key as a Bearer token in the Authorization header:

curl -H "Authorization: Bearer ug_live_abc123..." \
     https://your-instance.universalgoods.io/api/products

Key scopes

Scope        | Description                              | Use case
Personal     | Inherits the creating user's permissions | Scripts run by a specific team member
Organization | Org-wide access independent of any user  | CI/CD pipelines, backend integrations

Note

Organization-scoped keys can access all resources within the organization. Only use them when the integration genuinely needs broad access.

Organization context

Most endpoints operate within an organization context. The organization is determined by the API key's scope.

Endpoints that accept an organizationId parameter (e.g. POST /api/products) require it in the request body. List endpoints accept organizationId as a query parameter for filtering.
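
The following shell wrapper is an added example, not part of the original documentation or the product's own tooling. It covers both "Using an API key" and "Organization context": the key is read from the environment and handed to curl on stdin (so it does not appear in the process list or in shell history), requests are refused unless the base URL is HTTPS, and organizationId goes in the query string for list calls and in the body for create calls. Assumptions: the variable names UG_API_KEY and UG_BASE_URL and the function names are hypothetical, and curl 7.55.0 or later is needed for `-H @-`.

```shell
#!/bin/sh
# Added example. UG_API_KEY and UG_BASE_URL are hypothetical variable names.

# Print the Authorization header; fail if no key has been provided.
ug_auth_header() {
    if [ -z "${UG_API_KEY:-}" ]; then
        echo "UG_API_KEY is not set" >&2
        return 1
    fi
    printf 'Authorization: Bearer %s\n' "$UG_API_KEY"
}

# Join base URL and path; only https is allowed so the key never travels in clear text.
ug_url() {  # usage: ug_url /api/products
    case "${UG_BASE_URL:-}" in
        https://*) ;;
        *) echo "UG_BASE_URL must start with https://" >&2; return 1 ;;
    esac
    printf '%s%s\n' "${UG_BASE_URL%/}" "$1"
}

# List endpoint: organizationId (optional) is sent as a URL-encoded query parameter.
ug_list() {  # usage: ug_list /api/products [organizationId]
    hdr=$(ug_auth_header) || return 1
    url=$(ug_url "$1") || return 1
    if [ -n "${2:-}" ]; then
        # printf is a shell builtin, so the key is not visible in the process list;
        # curl reads the header from stdin via "-H @-".
        printf '%s\n' "$hdr" | curl --fail --silent --show-error -H @- \
            --get --data-urlencode "organizationId=$2" "$url"
    else
        printf '%s\n' "$hdr" | curl --fail --silent --show-error -H @- "$url"
    fi
}

# Create endpoint: the caller supplies a JSON body that includes organizationId.
ug_create() {  # usage: ug_create /api/products '{"organizationId":"...", ...}'
    hdr=$(ug_auth_header) || return 1
    url=$(ug_url "$1") || return 1
    printf '%s\n' "$hdr" | curl --fail --silent --show-error -H @- \
        -H 'Content-Type: application/json' --data "$2" "$url"
}
```

Set UG_API_KEY from a secret store or the CI system's secret variables, not from a file committed with the script.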