Private apps

Private apps can interact with the ShopBase API on behalf of only one particular store. These apps authenticate with ShopBase through basic HTTP authentication. The required credentials must be generated from the ShopBase admin of the store that you want to connect with your app.

The ShopBase API License and Terms of Use governs your access to and use of the ShopBase API. Make sure you're familiar with these terms before you create an app.

On this page

Generate credentials from the ShopBase admin

Before you can authenticate a private app to ShopBase, you need to generate the required credentials from the ShopBase admin of the store that you want to connect with your application. If you don't have a ShopBase store, then you can create a development store.

After you've provisioned a development store, log in and then generate the required credentials from the development store admin:

  1. From your ShopBase admin, go to Apps.

  2. Click Manage private apps, near the bottom of the page.

  3. Click Create a new private app.

  4. In the App details section, enter a name for the private app and a contact email address.

    ShopBase uses the email address to contact the developer if there is an issue with the private app, such as when an API change might break it.

  5. In the Admin API section, select the areas of your store that you want the app to be able to access.

  6. Click Save.

You'll see your API key and password in the Admin API section. You can use these credentials to make authenticated requests to the ShopBase store that uses your application.

Treat the API key and password like you would any other password, because whoever has access to these credentials has full API access to the store.

Make authenticated requests

A private app can make authenticated requests to the ShopBase Admin REST API using basic authentication or by including its ShopBase access token in the request header.

Basic authentication

Private apps can authenticate through basic HTTP authentication by using their Admin API key and password as a username and password. You can generate these credentials from the ShopBase admin of the store that you want to connect with your app.

Some HTTP clients support basic authentication by prepending username:password@ to the hostname in the URL. For example:

GET https://4478eb7ac138a136852babd861956c19:3e5a6edec71eab039422c6444d02659d@johns-apparel.onshopbase.com/admin/shop.json

If your HTTP client doesn't support basic authentication using this method, then you can provide the credentials in the Authorization header field instead:

  1. Join the API key and password with a single colon (:).

  2. Encode the resulting string in base64 representation.

  3. Prepend the base64-encoded string with Basic and a space:

    Authorization: Basic
    NDQ3OGViN2FjMTM4YTEzNjg1MmJhYmQ4NjE5NTZjMTk6M2U1YTZlZGVjNzFlYWIwMzk0MjJjNjQ0NGQwMjY1OWQ=

ShopBase access token

Private apps can authenticate with ShopBase by including the request header X-ShopBase-Access-Token: {access_token}, where {access_token} is replaced by your private app's Admin API password.