ShopBase Developers
  • Getting started
  • Build An App
    • Making your first request
      • Authentication
        • Public apps
        • Private apps
        • OAuth
        • API access scopes
      • Rest API References
        • Rate limits
      • Using webhooks
        • Webhook events and topics
      • Response status codes
    • How to submit an app to ShopBase App Store
    • Getting your app approved
      • App requirements
      • Testing your app
      • Submitting your app
      • The review process
  • BUILD A THEME
    • Getting started building themes
    • Theme development resources
      • Connect to your store & start developing
      • Theme structure
      • Theme object, methods, and props
      • Theme editor
        • How to update configure for theme editor
    • How to submit a theme to ShopBase Theme Store
    • Storefront SDK
  • Test and Debug app
    • Debug apps with Postman
  • Tutorial
    • Manage orders and shipping
      • Manage orders with the REST Admin API
        • Transaction
        • Order
      • Edit an existing order with the Admin API
      • Manage fulfillments with Fulfillment and FulfillmentService resources
      • Get a country field using Admin API
  • Integrate a payment gateway
    • How to create your payment gateway on ShopBase
    • Technical Specifications
Powered by GitBook
On this page
  • On this page
  • Generate credentials from the ShopBase admin
  • Make authenticated requests

Was this helpful?

  1. Build An App
  2. Making your first request
  3. Authentication

Private apps

PreviousPublic appsNextOAuth

Last updated 4 years ago

Was this helpful?

Private apps can interact with the ShopBase API on behalf of only one particular store. These apps authenticate with ShopBase through basic HTTP authentication. The required credentials must be generated from the ShopBase admin of the store that you want to connect with your app.

The governs your access to and use of the ShopBase API. Make sure you're familiar with these terms before you create an app.

On this page

Generate credentials from the ShopBase admin

Before you can authenticate a private app to ShopBase, you need to generate the required credentials from the ShopBase admin of the store that you want to connect with your application. If you don't have a ShopBase store, then you can .

After you've provisioned a development store, log in and then generate the required credentials from the development store admin:

  1. From your ShopBase admin, go to Apps.

  2. Click Manage private apps, near the bottom of the page.

  3. Click Create a new private app.

  4. In the App details section, enter a name for the private app and a contact email address.

    ShopBase uses the email address to contact the developer if there is an issue with the private app, such as when an API change might break it.

  5. In the Admin API section, select the areas of your store that you want the app to be able to access.

  6. Click Save.

You'll see your API key and password in the Admin API section. You can use these credentials to make authenticated requests to the ShopBase store that uses your application.

Treat the API key and password like you would any other password, because whoever has access to these credentials has full API access to the store.

Make authenticated requests

A private app can make authenticated requests to the ShopBase Admin REST API using basic authentication or by including its ShopBase access token in the request header.

Basic authentication

Private apps can authenticate through basic HTTP authentication by using their Admin API key and password as a username and password. You can generate these credentials from the ShopBase admin of the store that you want to connect with your app.

Some HTTP clients support basic authentication by prepending username:password@ to the hostname in the URL. For example:

GET https://4478eb7ac138a136852babd861956c19:3e5a6edec71eab039422c6444d02659d@johns-apparel.onshopbase.com/admin/shop.json

If your HTTP client doesn't support basic authentication using this method, then you can provide the credentials in the Authorization header field instead:

  1. Join the API key and password with a single colon (:).

  2. Encode the resulting string in base64 representation.

  3. Prepend the base64-encoded string with Basic and a space:

    Authorization: Basic 
    NDQ3OGViN2FjMTM4YTEzNjg1MmJhYmQ4NjE5NTZjMTk6M2U1YTZlZGVjNzFlYWIwMzk0MjJjNjQ0NGQwMjY1OWQ=
ShopBase API License and Terms of Use
Generate credentials from the ShopBase admin
Make authenticated requests
create a development store