# Private apps

Private apps can interact with the ShopBase API on behalf of only one particular store. These apps authenticate with ShopBase through basic HTTP authentication. The required credentials must be generated from the ShopBase admin of the store that you want to connect with your app.

{% hint style="info" %}
&#x20;The [ShopBase API License and Terms of Use](https://pages.shopbase.com/api-terms) governs your access to and use of the ShopBase API. Make sure you're familiar with these terms before you create an app.
{% endhint %}

### On this page

* [Generate credentials from the ShopBase admin](https://developers.shopbase.com/build-an-app-tutorial/making-your-first-request/authentication/private-apps#generate-credentials-from-the-shopify-admin)
* [Make authenticated requests](https://developers.shopbase.com/build-an-app-tutorial/making-your-first-request/authentication/private-apps#make-authenticated-requests)

### Generate credentials from the ShopBase admin <a href="#generate-credentials-from-the-shopify-admin" id="generate-credentials-from-the-shopify-admin"></a>

Before you can authenticate a private app to ShopBase, you need to generate the required credentials from the ShopBase admin of the store that you want to connect with your application. If you don't have a ShopBase store, then you can [create a development store](https://developers.shopbase.com/build-an-app-tutorial/making-your-first-request#create-a-development-store).

After you've provisioned a development store, log in and then generate the required credentials from the **development store admin**:

1. From your ShopBase admin, go to **Apps**.
2. Click **Manage private apps**, near the bottom of the page.
3. Click **Create a new private app**.
4. In the **App details** section, enter a name for the private app and a contact email address.

   ShopBase uses the email address to contact the developer if there is an issue with the private app, such as when an API change might break it.
5. In the **Admin API** section, select the areas of your store that you want the app to be able to access.
6. Click **Save**.

You'll see your API key and password in the **Admin API** section. You can use these credentials to make authenticated requests to the ShopBase store that uses your application.

{% hint style="info" %}
Treat the API key and password like you would any other password, because whoever has access to these credentials has full API access to the store.
{% endhint %}

### Make authenticated requests <a href="#make-authenticated-requests" id="make-authenticated-requests"></a>

A private app can make authenticated requests to the ShopBase Admin REST API using basic authentication or by including its ShopBase access token in the request header.

#### Basic authentication <a href="#basic-authentication" id="basic-authentication"></a>

Private apps can authenticate through basic HTTP authentication by using their Admin API key and password as a username and password. You can generate these credentials from the ShopBase admin of the store that you want to connect with your app.

Some HTTP clients support basic authentication by prepending `username:password@` to the hostname in the URL. For example:

```
GET https://4478eb7ac138a136852babd861956c19:3e5a6edec71eab039422c6444d02659d@johns-apparel.onshopbase.com/admin/shop.json
```

If your HTTP client doesn't support basic authentication using this method, then you can provide the credentials in the `Authorization` header field instead:

1. Join the API key and password with a single colon (`:`).
2. Encode the resulting string in base64 representation.
3. Prepend the base64-encoded string with `Basic` and a space:

   ```
   Authorization: Basic 
   NDQ3OGViN2FjMTM4YTEzNjg1MmJhYmQ4NjE5NTZjMTk6M2U1YTZlZGVjNzFlYWIwMzk0MjJjNjQ0NGQwMjY1OWQ=
   ```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developers.shopbase.com/build-an-app/making-your-first-request/authentication/private-apps.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.