First, ask the supplier for your OCTO API Key. They can find this against the reseller account they created for you. It will be a UUID value that looks like this: 5bd1629a-323e-4edb-ac9b-327ef51e6136
OCTo uses Bearer authentication which you can use to authenticate:
If the token is invalid or is deactivated a HTTP 403 Forbidden error will be returned.
JSON Content Type
Every POST, PATCH and DELETE request must use Content-Type: application/json header and the request body must be a JSON encoded string. Every endpoint will return JSON unless otherwise stated.