
API Key

There are two levels of authentication for accessing the API:

API key:

  • Required for all endpoints except /oauth2.
  • The API key must be included as an HTTP header in every request.
  • Header Name: API-Key.
  • API keys are provided by the CMS backend.

Example:

API-Key: YOUR_API_KEY

Customer authentication token:

  • Required for specific endpoints.
  • The customer authentication token is passed in the Token and/or Authorization headers.
  • It usually starts with “Bearer xxxxxx” if it was issued by an OAuth2 login process.
  • The token is provided after a successful customer authentication. It is a required field for all API endpoints that require customer authentication.
  • For OAuth2 authentication, see this page.
  • The old authentication endpoints /customer/login/... still exist but are deprecated. You can see them in the API reference.

Error responses:

  • 401 Unauthorized: Returned if the API-Key is missing, invalid, or the customer token is not provided for secured endpoints.
  • 500 Internal Server Error: Returned if an internal error occurs during the request.

Example error response:

{
  "error": true,
  "message": "Invalid API key or authentication token",
  "error_type": "Unauthorized"
}
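
Client-side handling of the two authentication levels and the error body above, as an added example that is not part of the original documentation or the project's own code. The function names are hypothetical, and sending the customer token in Authorization rather than Token is an assumption.

```python
import json

# Header names from this page whose values must never reach logs.
SECRET_HEADERS = {"api-key", "token", "authorization"}

class ApiError(Exception):
    """Carries the fields of the documented error body."""
    def __init__(self, status, error_type, message):
        super().__init__(f"{status} {error_type}: {message}")
        self.status, self.error_type, self.message = status, error_type, message

def build_headers(path, api_key, customer_token=None, needs_customer=False):
    """Return the auth headers for one request, following the two levels above."""
    headers = {}
    # The API key is required everywhere except /oauth2, so it is not sent there.
    if not (path == "/oauth2" or path.startswith("/oauth2/")):
        if not api_key:
            raise ValueError("API key required for " + path)
        headers["API-Key"] = api_key
    if needs_customer:
        # Fail before the request instead of waiting for a 401.
        if not customer_token:
            raise ValueError("customer token required for " + path)
        # Assumption: the endpoint reads Authorization; the page also allows Token.
        headers["Authorization"] = customer_token
    return headers

def redact(headers):
    """Copy of headers that is safe to log: credential values are masked."""
    return {k: "[REDACTED]" if k.lower() in SECRET_HEADERS else v
            for k, v in headers.items()}

def check_response(status, body):
    """Raise ApiError for the documented 401/500 cases, else return parsed JSON."""
    try:
        data = json.loads(body) if body else None
    except ValueError:
        data = None  # e.g. an HTML error page from an intermediary
    fields = data if isinstance(data, dict) else {}
    if status in (401, 500) or fields.get("error") is True:
        raise ApiError(status, fields.get("error_type", "Unknown"),
                       fields.get("message", ""))
    return data
```

The 401 body does not say whether the API key or the customer token was rejected, so a caller has to check both credentials when ApiError.status is 401.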