The Extend API uses private API keys to authenticate requests in the header 'X-Extend-Access-Token'.
Your API key carries many privileges so be sure to keep it secure! Do not share your secret API keys in any publicly accessible areas like GitHub, client-side code, etc.
To generate and access your API Key you will need to run some curl requests via CLI:
-
Run the following code in your terminal replacing the {USER_EMAIL} with your Extend Admin User email, and {YOUR_PASSWORD} with the password corresponding to that account.
curl --location --request POST 'https://api.helloextend.com/auth/login' \ --header 'Content-Type: application/json' \ --data-raw '{ "email": "{USER_EMAIL}", "password": "{YOUR_PASSWORD}" }'
-
You should have received an accessToken from the previous curl, this will be used in the next step.
-
Run the following code in your terminal replacing the same values as before, and including the accessToken in place of {ACCESS_TOKEN_FROM_PREVIOUS_CURL}
curl --location --request POST 'https://api.helloextend.com/auth/oauth/token' \ --header 'Content-Type: application/json' \ --header 'X-Extend-Access-Token: {ACCESS_TOKEN_FROM_PREVIOUS_CURL}' \ --data-raw '{ "email": "{USER_EMAIL}", "password": "{YOUR_PASSWORD}", "grant_type": "password", "scope": "offline all" }'
-
The accessToken you get here is your PERMANENT API KEY. This needs to be kept in a safe place.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail, as will API requests without proper authentication.
Example sandbox request (using cURL):
curl -X GET \
https://api-demo.helloextend.com/stores/123/products \
-H 'Accept: application/json; version=2021-04-01' \
-H 'Content-Type: application/json' \
-H 'X-Extend-Access-Token (sandbox): {fake sandbox access token}'
Example production request (using cURL):
curl -X GET \
https://api.helloextend.com/stores/123/products \
-H 'Accept: application/json; version=2021-04-01' \
-H 'Content-Type: application/json' \
-H 'X-Extend-Access-Token: 9C_wrrlAAoOvYH9AuespIyCCqYuXJuhuqPvaZgL8OCM'
Security Scheme Type | API Key |
---|---|
Header parameter name | X-Extend-Access-Token |