The Extend API uses private API keys to authenticate requests in the header 'X-Extend-Access-Token'. You can view and manage your API key from the Extend Merchant Portal under Account Settings.
Your API key carries many privileges so be sure to keep it secure! Do not share your secret API keys in any publicly accessible areas like GitHub, client-side code, etc.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail, as will API requests without proper authentication.
Example sandbox request (using cURL):
curl -X GET \
https://api-demo.helloextend.com/stores/123/products \
-H 'Accept: application/json; version=2021-04-01' \
-H 'Content-Type: application/json' \
-H 'X-Extend-Access-Token (sandbox): {fake sandbox access token}'
Example production request (using cURL):
curl -X GET \
https://api.helloextend.com/stores/123/products \
-H 'Accept: application/json; version=2021-04-01' \
-H 'Content-Type: application/json' \
-H 'X-Extend-Access-Token: 9C_wrrlAAoOvYH9AuespIyCCqYuXJuhuqPvaZgL8OCM'
| Security Scheme Type | API Key |
| Header parameter name | X-Extend-Access-Token |