API Key Management
Generating an API Key
To generate a new API key for your store, make a POST request:
// Run this server-side so the verification token never reaches a browser.
const response = await fetch('https://api.checkoutlinks.com/api/v1/api-keys', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
    store: 'your-store.myshopify.com',
    token: 'your-verification-token',
  }),
})
// The new key is returned in the JSON body.
const { apiKey } = await response.json()
Requirements
- Only available for stores on the growth plan
- Requires a store verification token
- One API key per store
Rotating an API Key
Rotate your existing API key to generate a new one and invalidate the old:
// The current key authenticates the rotation request.
const response = await fetch('https://api.checkoutlinks.com/api/v1/api-keys', {
  method: 'PUT',
  headers: {
    'Content-Type': 'application/json',
    'x-api-key': 'your-current-api-key',
  },
  body: JSON.stringify({
    store: 'your-store.myshopify.com',
  }),
})
// The response carries the replacement key; the old key is invalidated.
const { apiKey: newApiKey } = await response.json()
Key Rotation Benefits
- Enhance security
- Revoke access for compromised keys
- Maintain strict access control
Deleting an API Key
Remove your API key when no longer needed:
const response = await fetch(
  'https://api.checkoutlinks.com/api/v1/api-keys?store=your-store.myshopify.com',
  {
    method: 'DELETE',
    headers: {
      'x-api-key': 'your-api-key',
    },
  },
)
API Key Management Best Practices
- Security
  - Store API keys securely
  - Never expose keys in client-side code
  - Use environment variables
- Access Control
  - Create separate keys for development and production
  - Rotate keys periodically
  - Delete unused keys
- Error Handling
  - Always check API response status
  - Handle authentication errors gracefully
Possible Error Responses
- 400: Invalid request
- 401: Unauthorized
- 403: Forbidden (store not eligible)
- 500: Server error
Rate Limits
- 100 API key management requests per 15-minute window
- Returned in response headers:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1612345678
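A server-side rotation call that applies the error-handling and rate-limit guidance above, as an added example that is not part of the original documentation or the API provider's code. The function names, the result shape, the `fakeFetch` stand-in, and the reading of `X-RateLimit-Reset` as a Unix timestamp in seconds are assumptions.

```javascript
// Added example, not the API provider's code. Assumptions are marked inline.
const API_KEYS_URL = 'https://api.checkoutlinks.com/api/v1/api-keys'

// The error statuses this page documents for key-management calls.
const ERRORS = {
  400: 'invalid request',
  401: 'unauthorized: current key rejected',
  403: 'forbidden: store not eligible',
  500: 'server error',
}

// Milliseconds to wait before the next call, derived from the rate-limit headers.
// Assumption: X-RateLimit-Reset is a Unix timestamp in seconds.
function rateLimitDelayMs(headers, nowMs = Date.now()) {
  const remaining = Number(headers.get('X-RateLimit-Remaining'))
  const reset = Number(headers.get('X-RateLimit-Reset'))
  if (!Number.isFinite(remaining) || !Number.isFinite(reset) || remaining > 0) return 0
  return Math.max(0, reset * 1000 - nowMs)
}

// Rotate the key server-side; pass the current key in from an environment variable
// or secret store. fetchImpl is injectable so the flow can be exercised offline.
async function rotateApiKey(store, currentKey, fetchImpl = fetch) {
  if (!currentKey) throw new Error('missing current API key')
  const response = await fetchImpl(API_KEYS_URL, {
    method: 'PUT',
    headers: { 'Content-Type': 'application/json', 'x-api-key': currentKey },
    body: JSON.stringify({ store }),
  })
  const retryAfterMs = rateLimitDelayMs(response.headers)
  if (!response.ok) {
    // Report the status only; never log the key or the response body.
    const reason = ERRORS[response.status] || 'unexpected status'
    return { ok: false, status: response.status, reason, retryAfterMs }
  }
  const { apiKey } = await response.json()
  if (typeof apiKey !== 'string' || apiKey.length === 0) {
    return { ok: false, status: response.status, reason: 'no apiKey in response', retryAfterMs }
  }
  // The old key is now invalid: persist the new one before making further calls.
  return { ok: true, status: response.status, apiKey, retryAfterMs }
}

// Constructed stand-in for fetch (a Map replaces Headers, so names are case-sensitive).
const fakeFetch = (status, body, headers = {}) => async () => ({
  ok: status >= 200 && status < 300, status,
  headers: new Map(Object.entries(headers)),
  json: async () => body,
})
```

In production, call `rotateApiKey(store, process.env.YOUR_KEY_VARIABLE)` (the variable name is a placeholder) and write the returned key to your secret store before the next request, since the previous key stops working as soon as rotation succeeds.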