# Private apps

Private apps can interact with the ShopBase API on behalf of only one particular store. These apps authenticate with ShopBase through basic HTTP authentication. The required credentials must be generated from the ShopBase admin of the store that you want to connect with your app.

{% hint style="info" %}
&#x20;The [ShopBase API License and Terms of Use](https://pages.shopbase.com/api-terms) governs your access to and use of the ShopBase API. Make sure you're familiar with these terms before you create an app.
{% endhint %}

### On this page

* [Generate credentials from the ShopBase admin](https://developers.shopbase.com/build-an-app-tutorial/making-your-first-request/authentication/private-apps#generate-credentials-from-the-shopify-admin)
* [Make authenticated requests](https://developers.shopbase.com/build-an-app-tutorial/making-your-first-request/authentication/private-apps#make-authenticated-requests)

### Generate credentials from the ShopBase admin <a href="#generate-credentials-from-the-shopify-admin" id="generate-credentials-from-the-shopify-admin"></a>

Before you can authenticate a private app to ShopBase, you need to generate the required credentials from the ShopBase admin of the store that you want to connect with your application. If you don't have a ShopBase store, then you can [create a development store](https://developers.shopbase.com/build-an-app-tutorial/making-your-first-request#create-a-development-store).

After you've provisioned a development store, log in and then generate the required credentials from the **development store admin**:

1. From your ShopBase admin, go to **Apps**.
2. Click **Manage private apps**, near the bottom of the page.
3. Click **Create a new private app**.
4. In the **App details** section, enter a name for the private app and a contact email address.

   ShopBase uses the email address to contact the developer if there is an issue with the private app, such as when an API change might break it.
5. In the **Admin API** section, select the areas of your store that you want the app to be able to access.
6. Click **Save**.

You'll see your API key and password in the **Admin API** section. You can use these credentials to make authenticated requests to the ShopBase store that uses your application.

{% hint style="info" %}
Treat the API key and password like you would any other password, because whoever has access to these credentials has full API access to the store.
{% endhint %}

### Make authenticated requests <a href="#make-authenticated-requests" id="make-authenticated-requests"></a>

A private app can make authenticated requests to the ShopBase Admin REST API using basic authentication or by including its ShopBase access token in the request header.

#### Basic authentication <a href="#basic-authentication" id="basic-authentication"></a>

Private apps can authenticate through basic HTTP authentication by using their Admin API key and password as a username and password. You can generate these credentials from the ShopBase admin of the store that you want to connect with your app.

Some HTTP clients support basic authentication by prepending `username:password@` to the hostname in the URL. For example:

```
GET https://4478eb7ac138a136852babd861956c19:3e5a6edec71eab039422c6444d02659d@johns-apparel.onshopbase.com/admin/shop.json
```

If your HTTP client doesn't support basic authentication using this method, then you can provide the credentials in the `Authorization` header field instead:

1. Join the API key and password with a single colon (`:`).
2. Encode the resulting string in base64 representation.
3. Prepend the base64-encoded string with `Basic` and a space:

   ```
   Authorization: Basic 
   NDQ3OGViN2FjMTM4YTEzNjg1MmJhYmQ4NjE5NTZjMTk6M2U1YTZlZGVjNzFlYWIwMzk0MjJjNjQ0NGQwMjY1OWQ=
   ```