Authentication

Snipcart's REST API uses the HTTP Basic authentication scheme.

Creating a secret key

First, create a secret API key from your merchant dashboard. You can create as many secret keys as you want.

Keys are created in Test or Live mode, and each key only grants access to the data for its own mode. A key created in Test mode cannot read your Live data, and vice versa.

Keep your keys private

Anyone holding a secret key can access all of your account information. Your keys must never:

  • Appear in your source code
  • Appear in your compiled front-end assets (HTML, JavaScript)
  • Be sent over insecure channels (email, chat platforms, etc.)

Credentials format

As specified by RFC 7617, credentials are the base64 encoding of the [username]:[password] string. Depending on your HTTP tooling, you may need to base64-encode this string yourself.

Pass the API key as the username, with no password. For example, if your key is secret, you base64-encode secret: — the trailing colon is important.

Example request

curl -H "Accept: application/json" \
  https://app.snipcart.com/api/orders \
  -u {YOUR_SECRET_API_KEY}:

The same request in JavaScript:

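// Run this server-side only; the secret key must never reach the browser.
// Placeholder: load the real key from your environment or a secrets store.
const secret = "YOUR_SECRET_API_KEY" + ":"

// btoa() produces the base64 credentials for the Basic scheme.
const response = await fetch('https://app.snipcart.com/api/orders', {
    headers: {
        'Authorization': `Basic ${btoa(secret)}`,
        'Accept': 'application/json'
    }
})

const result = await response.json()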
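
A key can leak into front-end assets in two forms: as the raw string, or already encoded as the Basic credentials described under "Credentials format". The following is an added example, not Snipcart code, of a build-output check that looks for both; SAMPLE_KEY, the file names and the bundle contents are constructed, and basicAuthHeader, leakNeedles and scanAssets are hypothetical helper names.

```javascript
// Added example, not Snipcart code. SAMPLE_KEY and the bundle contents are constructed.
const SAMPLE_KEY = 'ST_constructed_sample_key_0001';

const b64 = (s) => Buffer.from(s, 'utf8').toString('base64');

// Authorization header value per RFC 7617: base64("<key>:"), key as username, empty password.
function basicAuthHeader(apiKey) {
  if (typeof apiKey !== 'string' || apiKey === '') throw new TypeError('API key is missing');
  if (apiKey.includes(':')) throw new RangeError('RFC 7617 user-id cannot contain ":"');
  return `Basic ${b64(apiKey + ':')}`;
}

// Forms in which the key can end up in a shipped file.
function leakNeedles(apiKey) {
  return [
    { form: 'raw key', value: apiKey },
    { form: 'Basic credentials', value: b64(apiKey + ':') },
  ];
}

// Scan { filename: content } and report where the key appears.
// Findings carry file, line and form only, so the report never repeats the key.
function scanAssets(files, apiKey) {
  const needles = leakNeedles(apiKey);
  const findings = [];
  for (const [file, content] of Object.entries(files)) {
    content.split('\n').forEach((text, i) => {
      for (const { form, value } of needles) {
        if (text.includes(value)) findings.push({ file, line: i + 1, form });
      }
    });
  }
  return findings;
}

// Constructed build output: one clean file, one with the raw key, one with the encoded header.
const sampleBundle = {
  'dist/index.html': '<script src="app.js"></script>',
  'dist/app.js': `const cfg = {};\nconst k = "${SAMPLE_KEY}";`,
  'dist/vendor.js': `fetch(u, { headers: { Authorization: "${basicAuthHeader(SAMPLE_KEY)}" } });`,
};

for (const f of scanAssets(sampleBundle, SAMPLE_KEY)) {
  console.log(`${f.file}:${f.line} contains the secret key (${f.form})`);
}
```

In a build pipeline, pass the real key from the environment and fail the job when scanAssets returns any finding.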
