The Harvey API uses bearer tokens to authenticate requests. Please reach out to your Customer Success Manager to obtain your organization's bearer token. Your token must be included in the headers of your API requests.
-H "Authorization: Bearer <token>"
Your bearer tokens can access sensitive information and perform privileged actions, so keep them secure. Do not share your tokens in public areas like GitHub or client-side code. When emailing, even to Harvey support, redact your bearer token from your example request body or screenshots.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.