Authentication

Every endpoint of the REST Storefront API requires authentication. To authenticate your request, you need to generate an authentication token within the SCAYLE Panel. Once you have your token, include it in the X-Access-Token HTTP header to authenticate your request. For instance, in the request below, replace {{token}} with your actual token:

If authentication credentials are missing or invalid, the API will return a JSON response with the status code HTTP 401 “Unauthorized”, along with the following body:

Important Security Guidelines

  • Keep access tokens confidential: Ideally, you should proxy API requests through a secure backend.
  • Use dedicated tokens for distinct applications.
  • Create narrowly-scoped tokens: These tokens should grant only the permissions required for their specific use case.

For example, an internal tool for managing orders should use a separate, more privileged token than one used by the application serving end-users. If you suspect a token has been compromised, revoke it immediately and generate a replacement.
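The first guideline, proxying requests through a backend so the token never reaches the client, could be implemented along these lines. This is an added example, not SCAYLE code; the upstream base URL, the path and method allowlists, the forwardable header set and the 401-to-502 mapping are assumptions made for illustration.

```javascript
// Added example, not SCAYLE code. The base URL and allowlists below are
// hypothetical placeholders; only the X-Access-Token header is from the docs.
const CONFIG = {
  upstreamBase: 'https://storefront-api.example.invalid/v1', // placeholder
  allowedPrefixes: ['/products', '/categories'], // hypothetical scope
  allowedMethods: ['GET'],
};

// Client headers that may be passed through; everything else is dropped,
// including any X-Access-Token or Cookie the client sends.
const FORWARDABLE = new Set(['accept', 'accept-language']);

// Returns the request to send upstream, or null if the proxy must refuse.
function buildUpstreamRequest(clientReq, token, config = CONFIG) {
  if (!token) throw new Error('access token is not configured on the server');
  if (!config.allowedMethods.includes(clientReq.method)) return null;

  // Parsing normalises "../" segments; a changed host means the path was
  // really a protocol-relative URL such as "//other.host/...".
  const url = new URL(clientReq.path, 'http://proxy.local');
  if (url.host !== 'proxy.local') return null;
  const allowed = config.allowedPrefixes.some(
    (p) => url.pathname === p || url.pathname.startsWith(p + '/'));
  if (!allowed) return null;

  const headers = {};
  for (const [name, value] of Object.entries(clientReq.headers || {})) {
    if (FORWARDABLE.has(name.toLowerCase())) headers[name.toLowerCase()] = value;
  }
  headers['X-Access-Token'] = token; // injected server-side only
  return {
    method: clientReq.method,
    url: config.upstreamBase + url.pathname + url.search,
    headers,
  };
}

// An upstream 401 means the proxy's own token is missing or invalid. That is
// a server fault, so the client sees 502 rather than the upstream 401 body.
function mapUpstreamStatus(status) {
  return status === 401 ? 502 : status;
}
```

The caller reads the token from server-side configuration and hands the returned object to its HTTP client; a `null` result should be answered with a client error without contacting the API.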