General API Information
Note that the documented URLs for all endpoints are preceded by a base URL, which is often implicit in the documentation.
For the sandbox environment (lab-sandbox.ovation.io), always start with https://lab-services-sandbox.ovation.io/api/v3
For the production environment (lab.ovation.io), always start with https://lab-services.ovation.io/api/v3
Each call requires a Bearer token to be sent in the HTTP Authorization header.
For this, you need an "API key," which is generated in user settings in the application. (Select the User dropdown on top right of page and navigate to Settings and then to Security. From there, you can add an API key.)
API keys are specific to the environment. Create separate ones for use in sandbox and production.
The Bearer token is the API key preceded by the word "Bearer".
Failure to provide a valid API key will result in a 401 error from the endpoint.
The API enforces the same permissions as the user interface as described in the Permissions Detail article. The permissions that apply are the ones held by the user that is associated with the API key that is passed as the Bearer token.