Authentication

You'll need to authenticate your requests to access any of the endpoints in the SellApp API. In this guide, we'll look at how authentication works. SellApp currently offers one way to authenticate your API requests: Authentication with a secret (API) key.

Authentication with a secret (API) key

Authenticating with the SellApp API is done by using your secret (API) key. When making an API call, you will need to pass along your secret (API) key in the request header. Here's an example request how to add the API key to the request header using cURL:

Example request with bearer token

curl --request GET \
  --url 'https://sell.app/api/v1/invoices' \
  --header 'Authorization: Bearer {apiKeyHere}' \
  --header 'Content-Type: application/json'

Creating/Managing a secret (API) key

If you don't have a secret (API) key yet, you will be able to generate one in your storefront developers settings. Always keep your API key safe and reset it if you suspect it has been compromised.

API keys are tied to an account, not a storefront. While you can toggle API permissions on/off while creating an API key, access to resources will depend on what kind of permissions you have for the respective storefront you are interacting with.

As an owner of a storefront, you will always have full access to all API endpoints (provided you toggled the respective permissions on while creating the API key).

If your account is part of a storefront as a support staff, you can only access resources via the API which your account has been given access to. For example, a support staff with access limited to tickets, cannot modify products or create groups via the API.

Multiple Stores

If your account is part of multiple storefronts, you can pass an X-STORE parameter in the request header to specify which store you'd like to access. If you don't own any stores or don't pass the header parameter, the API will default to the first store you own/joined.

Say you are part of multiple stores and want to access bob.sell.app, you would pass the slug bob along via the request header using the X-STORE parameter. Here's an example request how to pass a store slug to the request header using cURL:

Example request accessing bob.sell.app invoices

curl --request GET \
  --url 'https://sell.app/api/v1/invoices' \
  --header 'Authorization: Bearer {apiKeyHere}' \
  --header 'X-STORE: bob' \
  --header 'Content-Type: application/json'

Using an SDK

If you use an SDK, you won't have to worry about any of the above — fetch your API key from the storefront developers settings, and the client library will be taking care of the heavy lifting.