Access Token (API Key)

Initial Setup and Admin Authentication

1. Admin Creation:

   • Navigate to the Admin Panel.

   • Go to Settings -> Admin.

   • Choose the admin you want to generate an Access Token for.

   • Click on Generate new key.

   • Set the key name and optionally set the expiration date.

   • Copy the API key and save it. You will not be able to access the key upon closing the window.

2. Using the Access Token:

   • After the initial setup, you can authenticate API requests using the Access Token either through headers or a query parameter.

   Authentication Using Headers

   • To authenticate via headers, you can use a curl command like the following:

     Copy

     curl -L http://your-env-url/api/{storeCode}/member \
         -X "GET" -H "Accept: application/json" \
         -H "X-AUTH-TOKEN: customPermanentToken"

Maintaining Authentication State

Access Token (API Key) provided during the initial admin setup is designed to never expire unless specified otherwise. This feature is particularly beneficial for scenarios that require long-term access without the need for frequent re-authentication.

Best Practices

• Token Security: Always store the Permanent User Token securely and avoid exposing it in client-side code.

• Regular Audits: Conduct regular audits of API Key usage to detect any unauthorized access or anomalies in API requests.

• Secure Storage: Store the API Key in a secure environment, such as an encrypted database or a secure vault solution, to prevent exposure to potential threats.