API keys are shop specific and are tightly scoped to that determine what actions a key is authorized to perform. A single key may have as many scopes as you wish and scopes may be added or removed in the developers page of your Loop admin.

If the API key you are using does not have the needed scope you will get a 401 Unauthorized response with the following body:

"errors": "Unauthorized."

API Key Scope Quick Reference:

ScopeAvailable Endpoints
ReturnsAdvanced Shipping Notice, Process Return, Flag Return, Cancel Return, Close Return, Return Details
OrdersDeeplink, Blocklist, Allowlist
CartsOn-store, On-store Snippet
Developer ToolsGet, Create, Update, and Delete Webhooks