Authentication
Secure your API requests with Basic Authentication
The Quickbutik API uses Basic Authentication with API keys to authenticate requests. All API calls must be made over HTTPS, and requests made over HTTP will be rejected.
Quick Start
How it works
Basic Authentication requires you to include an Authorization header with every request. The header value consists of the word “Basic” followed by a space and a base64-encoded string of your credentials.
Format
Credential encoding
Your credentials should be formatted as api_key:api_key and then base64-encoded.
Format your credentials
Take your API key and format it as: your_api_key:your_api_key
Encode with base64
Encode the formatted string using base64 encoding
Add to Authorization header
Include the encoded string in your request headers as: Authorization: Basic ENCODED_STRING
Example
Let’s say your API key is sk_live_abc123. Here’s how you’d construct the Authorization header:
Getting your API key
Quickbutik Control Panel
API keys can be generated and managed in the Quickbutik Control Panel by the store owner.
Navigate to Settings → API to create and manage your API keys.
Security best practices
Keep your API keys secure
- Never expose API keys in client-side code
- Use environment variables to store API keys
- Rotate API keys regularly
- Only grant necessary permissions
Migration from legacy authentication
Before (Legacy - Deprecated)
After (Current)
Error responses
When authentication fails, you’ll receive a 401 Unauthorized response:
Common authentication errors:
- Missing
Authorizationheader - Invalid API key
- Malformed base64 encoding
- Using HTTP instead of HTTPS
Testing your authentication
You can quickly test your authentication setup with a simple API call:
A successful response will return your product count, confirming your authentication is working correctly.