The Extend API authenticates requests with a private API key sent in the 'X-Extend-Access-Token' header.

Your API key carries many privileges, so be sure to keep it secure! Do not share your secret API keys in any publicly accessible areas like GitHub, client-side code, etc.

To generate and access your API key, you will need to run some curl requests from the command line:

  1. Run the following code in your terminal, replacing {USER_EMAIL} with your Extend Admin User email and {YOUR_PASSWORD} with the password corresponding to that account.

    curl --location --request POST 'https://api.helloextend.com/auth/login' \
    --header 'Content-Type: application/json' \
    --data-raw '{
    "email": "{USER_EMAIL}",
    "password": "{YOUR_PASSWORD}"
    }'
    
  2. You should have received an accessToken in the response to the previous curl request; it will be used in the next step.

  3. Run the following code in your terminal, replacing the same values as before and putting the accessToken in place of {ACCESS_TOKEN_FROM_PREVIOUS_CURL}.

    curl --location --request POST 'https://api.helloextend.com/auth/oauth/token' \
    --header 'Content-Type: application/json' \
    --header 'X-Extend-Access-Token: {ACCESS_TOKEN_FROM_PREVIOUS_CURL}' \
    --data-raw '{
    "email": "{USER_EMAIL}",
    "password": "{YOUR_PASSWORD}",
    "grant_type": "password",
    "scope": "offline all"
    }'
    
  4. The accessToken you get here is your PERMANENT API KEY. This needs to be kept in a safe place.
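
An added example, not Extend's own code: the two-step exchange from steps 1 to 4 in Python, with the password read from a prompt instead of the command line, the JSON body serialized so a quote in the password cannot break it, and the key written to a file only the current user can read. It assumes accessToken is a top-level field of each JSON response; the file path ~/.extend_api_key and all function names are hypothetical.

```python
import getpass
import json
import os
import urllib.request

API_BASE = "https://api.helloextend.com"  # production host used in the steps above

def build_request(path, body, access_token=None):
    """Build (not send) a JSON POST; json.dumps escapes quotes in the password."""
    headers = {"Content-Type": "application/json"}
    if access_token is not None:
        headers["X-Extend-Access-Token"] = access_token
    return urllib.request.Request(
        API_BASE + path, data=json.dumps(body).encode(), headers=headers, method="POST")

def extract_token(raw):
    """Return accessToken from a response body (assumed to be a top-level field)."""
    data = json.loads(raw)
    token = data.get("accessToken") if isinstance(data, dict) else None
    if not isinstance(token, str) or not token:
        raise ValueError("response has no accessToken")
    return token

def save_key(key, path):
    """Write the key to a file only the current user can read (mode 0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(key + "\n")
    os.chmod(path, 0o600)  # also tightens a file that already existed

def post(req):
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()

def main():
    email = input("Extend admin email: ")
    password = getpass.getpass("Password: ")  # not echoed, not in shell history
    creds = {"email": email, "password": password}
    session = extract_token(post(build_request("/auth/login", creds)))
    grant = dict(creds, grant_type="password", scope="offline all")
    api_key = extract_token(post(build_request("/auth/oauth/token", grant, session)))
    save_key(api_key, os.path.expanduser("~/.extend_api_key"))  # hypothetical path

if __name__ == "__main__":
    main()
```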

All API requests must be made over HTTPS. Calls made over plain HTTP will fail, as will API requests without proper authentication.

Example sandbox request (using cURL):

    curl -X GET \
    https://api-demo.helloextend.com/stores/123/products \
    -H 'Accept: application/json; version=2021-04-01' \
    -H 'Content-Type: application/json' \
    -H 'X-Extend-Access-Token: {fake sandbox access token}'

Example production request (using cURL):

    curl -X GET \
    https://api.helloextend.com/stores/123/products \
    -H 'Accept: application/json; version=2021-04-01' \
    -H 'Content-Type: application/json' \
    -H 'X-Extend-Access-Token: 9C_wrrlAAoOvYH9AuespIyCCqYuXJuhuqPvaZgL8OCM'

Security Scheme Type: API Key
Header parameter name: X-Extend-Access-Token