Skip to main content

API Keys

Shoppex uses API keys for authentication. Each key is scoped to a specific shop and provides full access to the Developer API.

Creating an API Key

1

Open Dashboard

Go to dashboard.shoppex.io and log in.
2

Navigate to Settings

Go to Settings in the sidebar.
3

Generate Key

In the Developer API section, click Generate New API Key.
4

Copy Key

Copy your API key immediately. It starts with shx_ and won’t be shown again.
Store your API key securely. If compromised, regenerate it immediately.

Using Your API Key

Include the API key in the Authorization header with the Bearer scheme: 
curl -X GET https://api.shoppex.io/dev/v1/invoices \
  -H "Authorization: Bearer shx_your_api_key_here"

Key Format

PrefixDescription
shx_Shoppex API Key (32 characters after prefix)
Example: shx_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6

Error Responses

Missing or Invalid Key

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Missing or invalid API key. Expected: Authorization: Bearer shx_...",
    "doc_url": "https://docs.shoppex.io/api/errors#UNAUTHORIZED"
  }
}

Shop Suspended

{
  "error": {
    "code": "FORBIDDEN",
    "message": "Your shop has been suspended.",
    "doc_url": "https://docs.shoppex.io/api/errors#FORBIDDEN"
  }
}

Regenerating Keys

If an API key is compromised:
  1. Go to Settings in your dashboard
  2. In the Developer API section, click Regenerate API Key
  3. Update your integration with the new key
The old key is immediately invalidated. All requests using it will fail with 401 Unauthorized.

Best Practices

Never hardcode API keys in your source code.
export SHOPPEX_API_KEY=shx_your_api_key_here

const apiKey = process.env.SHOPPEX_API_KEY;
Never expose your API key in client-side code (browsers, mobile apps). Make API calls from your backend server.
Always use HTTPS when making API requests to prevent key interception.
Check your dashboard regularly for unusual API activity.