Skip to main content
Every Guardian API request is authenticated with an API key, sent in the x-api-key header: 
x-api-key: <your_api_key>
Keys are issued per instance. Administrative operations may also use an admin token (x-admin-token). See API Information for the full authentication reference and your instance URL.

Scopes

Each API key carries a set of scopes that gate the endpoints it can call. Grant only the scopes an integration needs — follow the principle of least privilege.

Token operations

ScopeGrants
pci:tokens:createPOST /api/pci/tokens
pci:tokens:readGET /api/pci/tokens
GET /api/pci/tokens/{id}
GET /api/pci/tokens/{id}/security-code
pci:tokens:updatePOST /api/pci/tokens/{id}/security-code
DELETE /api/pci/tokens/{id}/security-code
pci:tokens:deleteDELETE /api/pci/tokens/{id}
pci:tokens:forwardPOST /api/pci/tokens/{id}/forward
generic:tokens:createPOST /api/generic/tokens
generic:tokens:readGET /api/generic/tokens
GET /api/generic/tokens/{id}
GET /api/generic/tokens/{id}/payload
generic:tokens:deleteDELETE /api/generic/tokens/{id}
network:tokens:createPOST /api/network/tokens
network:tokens:readGET /api/network/tokens
GET /api/network/tokens/{id}
GET /api/network/tokens/{id}/card-art
network:tokens:deleteDELETE /api/network/tokens/{id}
network:tokens:usePOST /api/network/tokens/{id}/cryptograms
network:tokens:forwardPOST /api/network/tokens/{id}/forward
metadata:inquiries:createPOST /api/metadata/inquiries
network:tokens:* requires the Network Tokens add-on, and metadata:inquiries:create requires the Metadata Inquiries add-on, enabled on your instance. See Plans & Access.

Administrative operations

Administrative endpoints manage the instance itself. They require a key (or admin token) carrying the relevant admin:* scope.
ScopeGrants
admin:api-keys:createPOST /api/admin/api-keys
admin:api-keys:readGET /api/admin/api-keys
GET /api/admin/api-keys/{id}
admin:api-keys:updatePATCH /api/admin/api-keys/{id}
admin:api-keys:deleteDELETE /api/admin/api-keys/{id}
admin:webhooks:createPOST /api/admin/webhooks
admin:webhooks:readGET /api/admin/webhooks
GET /api/admin/webhooks/{id}
admin:webhooks:deleteDELETE /api/admin/webhooks/{id}
admin:types:createPOST /api/admin/types
admin:types:readGET /api/admin/types
GET /api/admin/types/{id}
admin:types:deleteDELETE /api/admin/types/{id}
admin:imports:createPOST /api/admin/imports
admin:imports:readGET /api/admin/imports/{id}
admin:imports:cancelPOST /api/admin/imports/{id}/cancel

Next steps

API Keys

Create and manage the API keys that carry these scopes.