Requests made to the Session API and the Order API are authorized using HTTP Basic Authorization. The API username and password supplied to you by Reach are used to create the Authorization header key/value pair.
If your username is "account" and password is "secret" the base64-encoded value of account:secret is the string value "YWNjb3VudDpzZWNyZXQ=".
The Basic Authorization header for requests to the API would be Authorization:
Your API credentials carry many privileges so be sure to keep it secure! Do not share your API password in publicly accessible areas such as GitHub, client-side code, and so forth.
The API requires that all requests are made over a secure TLS 1.2 connection.