> ## Documentation Index
> Fetch the complete documentation index at: https://quickbutik.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> Secure your API requests with Basic Authentication

The Quickbutik API uses **Basic Authentication** with API keys to authenticate requests. All API calls must be made over HTTPS, and requests made over HTTP will be rejected.

## Quick Start

<CodeGroup>
  ```bash cURL theme={null}
  curl https://api.quickbutik.com/v1/orders \
    -u your_api_key:your_api_key
  ```

  ```javascript Node.js theme={null}
  const apiKey = 'your_api_key';
  const credentials = Buffer.from(`${apiKey}:${apiKey}`).toString('base64');

  fetch('https://api.quickbutik.com/v1/orders', {
    headers: {
      'Authorization': `Basic ${credentials}`
    }
  });
  ```

  ```python Python theme={null}
  import requests
  import base64

  api_key = 'your_api_key'
  credentials = base64.b64encode(f'{api_key}:{api_key}'.encode()).decode()

  response = requests.get(
      'https://api.quickbutik.com/v1/orders',
      headers={'Authorization': f'Basic {credentials}'}
  )
  ```

  ```php PHP theme={null}
  <?php
  $apiKey = 'your_api_key';
  $credentials = base64_encode($apiKey . ':' . $apiKey);

  $ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, 'https://api.quickbutik.com/v1/orders');
  curl_setopt($ch, CURLOPT_HTTPHEADER, [
      'Authorization: Basic ' . $credentials
  ]);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  $response = curl_exec($ch);
  curl_close($ch);
  ?>
  ```
</CodeGroup>

## How it works

Basic Authentication requires you to include an `Authorization` header with every request. The header value consists of the word "Basic" followed by a space and a base64-encoded string of your credentials.

### Format

```
Authorization: Basic BASE64_ENCODED_CREDENTIALS
```

### Credential encoding

Your credentials should be formatted as `api_key:api_key` and then base64-encoded.

<Steps>
  <Step title="Format your credentials">
    Take your API key and format it as: `your_api_key:your_api_key`
  </Step>

  <Step title="Encode with base64">
    Encode the formatted string using base64 encoding
  </Step>

  <Step title="Add to Authorization header">
    Include the encoded string in your request headers as: `Authorization: Basic ENCODED_STRING`
  </Step>
</Steps>

## Example

Let's say your API key is `sk_live_abc123`. Here's how you'd construct the Authorization header:

<CodeGroup>
  ```text Step 1: Format theme={null}
  sk_live_abc123:sk_live_abc123
  ```

  ```text Step 2: Base64 encode theme={null}
  c2tfbGl2ZV9hYmMxMjM6c2tfbGl2ZV9hYmMxMjM=
  ```

  ```text Step 3: Authorization header theme={null}
  Authorization: Basic c2tfbGl2ZV9hYmMxMjM6c2tfbGl2ZV9hYmMxMjM=
  ```
</CodeGroup>

## Getting your API key

<Card title="Quickbutik Control Panel" icon="key">
  API keys can be generated and managed in the Quickbutik Control Panel by the store owner.

  Navigate to **Settings → API** to create and manage your API keys.
</Card>

## Security best practices

<Warning>
  **Keep your API keys secure**

  * Never expose API keys in client-side code
  * Use environment variables to store API keys
  * Rotate API keys regularly
  * Only grant necessary permissions
</Warning>

<Callout type="info">
  **HTTPS Required**

  All API requests must be made over HTTPS. Requests made over plain HTTP will be automatically rejected for security reasons.
</Callout>

## Migration from legacy authentication

<Callout type="warning">
  **Deprecation Notice**

  If you're currently using the legacy `apiKey` query parameter for authentication, please migrate to Basic Authentication as described above. The legacy method will be discontinued soon.
</Callout>

### Before (Legacy - Deprecated)

```bash theme={null}
curl "https://api.quickbutik.com/v1/orders?apiKey=your_api_key"
```

### After (Current)

```bash theme={null}
curl https://api.quickbutik.com/v1/orders \
  -u your_api_key:your_api_key
```

## Error responses

When authentication fails, you'll receive a `401 Unauthorized` response:

```json theme={null}
{
  "code": 401,
  "error": "Unauthorized - Invalid or missing authentication"
}
```

Common authentication errors:

* Missing `Authorization` header
* Invalid API key
* Malformed base64 encoding
* Using HTTP instead of HTTPS

## Testing your authentication

You can quickly test your authentication setup with a simple API call:

<CodeGroup>
  ```bash cURL theme={null}
  curl https://api.quickbutik.com/v1/products/count \
    -u your_api_key:your_api_key
  ```

  ```javascript JavaScript theme={null}
  const response = await fetch('https://api.quickbutik.com/v1/products/count', {
    headers: {
      'Authorization': `Basic ${btoa('your_api_key:your_api_key')}`
    }
  });

  if (response.ok) {
    console.log('Authentication successful!');
    const data = await response.json();
    console.log(data);
  } else {
    console.log('Authentication failed');
  }
  ```
</CodeGroup>

A successful response will return your product count, confirming your authentication is working correctly.