Creating Private API Keys

From Spiffy Stores Knowledge Base

Private API keys allow you to grant access to your store's data for individual applications.

As an example, you would need to generate a set of API keys if you were writing an automation script to manage your store's inventory. You may also need to generate another set of API keys if you want to grant access to a web-based accounting system that supports the Spiffy Stores API and allow it to access your Order and Customer data.

Private API keys can be generated from your Toolbox under "Accounts -> API Keys".

Simply generate a new API key for each new application that needs API access. You should generate a new key for each application, and you should not share the same key across multiple applications.

You can revoke API access for an application by deleting its API key.

Once an API key has been generated, click on the API key line to edit the key label and see the private details.

Perform Authenticated Requests

Private applications authenticate with Spiffy Stores through basic HTTP authorization, where the API key of the application is the username, and the Password is the password. You can generate these credentials from the store's Toolbox as described above.

Some HTTP clients support basic authentication by prepending "username:password@" to the hostname in the URL.

For example:


If your HTTP client doesn't support basic authentication using this method, then you can provide the credentials in the Authorization header field instead.

  1. Join the API key and password with a single colon (:)
  2. Encode the resulting string in Base64 representation
  3. Prepend the Base64-encoded string with "Basic" followed by a space
Authorization: Basic YTFjZTdmMzg1NzdhZGVkMDY4M2M4N2RjZThkMGRiZmE6N2Q1NzQ2MzA4ZjVmMDYzOTNlOTAwMGVjYjEwZWI0Mzg=

Further Reference