Skip to main content

API Authentication

To interact with the StoreLinkr REST API, you must authenticate your requests using two custom HTTP headers. These headers identify your application and ensure that you have permission to access the requested data.

Required Headers

Every request to the StoreLinkr API must include the following headers:

HeaderDescription
X-StoreLinkr-Api-KeyYour unique API Token.
X-StoreLinkr-Api-SecretYour private API Secret.

Obtaining Your Credentials

You can manage your API credentials within the StoreLinkr dashboard.

  1. Go to Settings > API Keys.
  2. Create a new set of keys or use an existing one.
  3. Your API Token corresponds to X-StoreLinkr-Api-Key.
  4. Your API Secret corresponds to X-StoreLinkr-Api-Secret.
warning

Protect your API Secret! The secret should never be shared publicly, committed to version control, or exposed in client-side code (like JavaScript running in a browser). If you suspect your secret has been compromised, revoke the key immediately in the dashboard.

Example Requests

Using cURL

curl -X GET "https://api.storelinkr.com/api/v2/products" \
     -H "X-StoreLinkr-Api-Key: your_api_token_here" \
     -H "X-StoreLinkr-Api-Secret: your_api_secret_here" \
     -H "Accept: application/json"

Using PHP (Guzzle)

use GuzzleHttp\Client;

$client = new Client();
$response = $client->request('GET', 'https://api.storelinkr.com/api/v2/products', [
    'headers' => [
        'X-StoreLinkr-Api-Key' => 'your_api_token_here',
        'X-StoreLinkr-Api-Secret' => 'your_api_secret_here',
        'Accept' => 'application/json',
    ]
]);

$body = json_decode($response->getBody(), true);

Troubleshooting Authentication

If you receive a 401 Unauthorized response:

  • Double-check that both X-StoreLinkr-Api-Key and X-StoreLinkr-Api-Secret headers are present and correctly spelled.
  • Verify that the values match exactly what is shown in the StoreLinkr dashboard.
  • Ensure the API key has not been revoked.
  • Check that you are sending the headers with the correct case (though HTTP headers are generally case-insensitive, following the standard casing is recommended).