API keys are shop specific and are tightly scoped to that determine what actions a key is authorized to perform. A single key may have as many scopes as you wish and scopes may be added or removed in the developers page of your Loop admin.
If the API key you are using does not have the needed scope you will get a 401 Unauthorized response with the following body:
"errors": "Unauthorized."
API Key Scope Quick Reference:
| Scope | Available Endpoints |
|---|---|
| Returns | Advanced Shipping Notice, Process Return, Flag Return, Cancel Return, Close Return, Return Details |
| Orders | Deeplink, Blocklist, Allowlist |
| Carts | On-store, On-store Snippet |
| Developer Tools | Get, Create, Update, and Delete Webhooks |