# Overview

### Requests

The Found Hero API is organized around [REST](http://en.wikipedia.org/wiki/Representational_State_Transfer). Our API has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors. We use built-in HTTP features, like HTTP authentication and HTTP verbs, which are understood by off-the-shelf HTTP clients.

We support [cross-origin resource sharing](http://en.wikipedia.org/wiki/Cross-origin_resource_sharing), allowing you to interact securely with our API from a client-side web application (though you should never expose your secret access token in any public website's client-side code)..

For the production environment, all requests should use the following base URL:

```bash
https://api.shuttlefare.com
```

If you are using the Shulltefare within the sandbox environment, use the following base URL:

```bash
http://sandbox-api.shuttlefare.com
```

### Authentication

For all of the resources in our API, you will also be required to have a valid Shuttlefare API key.You need to send it as a header, called API-KEY. If the API key is required and is not provided, the API will return a HTTP 403 response.

{% hint style="info" %}
Always include **API-KEY: \<MyShuttlfareAccessKey>** Header in your requests
{% endhint %}

### Error Handling

For most of the API responses, errors will probably come in 2 major categories: authentication errors (**HTTP 403**), most likely due to missing or invalid API key, and bad requests errors (**HTTP 400**) due to malformed inputs.<br>