Authentication
Every /api/v1 request carries a Bearer key minted in your portal (shown once, stored hashed). Keys carry scopes — grant each integration only what it needs. Placing orders and renewals ( orders:write) moves money, so it's enabled per account — contact support to switch it on. Rotation links and the status endpoint need no key: the token itself is the secret.
Authorization: Bearer tp_live_…