Just like the web front end, most of the services that the API exposes require an authenticated session. The documentation will note whether or not a service is secure or not.
API Key #
API Keys should be treated like username and password credentials and kept secure.
Send X-Booked-ApiId and X-Booked-ApiKey headers on all requests. These values can be found when logged into Booked in your Profile.
