To send and API request, you can create a service account (which is a bit like a user account) within your organisation. You can then set its permissions. For example, a service account might be permitted to issue certificates from a particular scheme.
Within a service account, you can create and name one or more API keys. These behave like passwords to authenticate the service account when it makes a request. The API key is presented as an X-Org-Token in the request header.
It is good practice to restrict the permissions of an API service account to only those that are needed. You should also keep your API keys secret and only share then with people you trust, for example an IT consultant setting up your APIs.
For logged in users, we have more detailed API schema information available here. We also have some other API endpoints available for other features, so do let us know if there is another specific task you'd like to perform and we'll be happy to help.
We'll be adding more details here soon...