ShopBase Developers
  • Getting started
  • Build An App
    • Making your first request
      • Authentication
        • Public apps
        • Private apps
        • OAuth
        • API access scopes
      • Rest API References
        • Rate limits
      • Using webhooks
        • Webhook events and topics
      • Response status codes
    • How to submit an app to ShopBase App Store
    • Getting your app approved
      • App requirements
      • Testing your app
      • Submitting your app
      • The review process
  • BUILD A THEME
    • Getting started building themes
    • Theme development resources
      • Connect to your store & start developing
      • Theme structure
      • Theme object, methods, and props
      • Theme editor
        • How to update configure for theme editor
    • How to submit a theme to ShopBase Theme Store
    • Storefront SDK
  • Test and Debug app
    • Debug apps with Postman
  • Tutorial
    • Manage orders and shipping
      • Manage orders with the REST Admin API
        • Transaction
        • Order
      • Edit an existing order with the Admin API
      • Manage fulfillments with Fulfillment and FulfillmentService resources
      • Get a country field using Admin API
  • Integrate a payment gateway
    • How to create your payment gateway on ShopBase
    • Technical Specifications
Powered by GitBook
On this page
  • Generate credentials from your Partner Dashboard
  • Manage Access From App to ShopBase
  • Make authenticated requests

Was this helpful?

  1. Build An App
  2. Making your first request
  3. Authentication

Public apps

A public ShopBase app can interact with the ShopBase API on behalf of multiple stores.

PreviousAuthenticationNextPrivate apps

Last updated 3 days ago

Was this helpful?

To authenticate with ShopBase using a public app, you'll need to generate the credentials from your Partner Dashboard and then use them to implement .

Generate credentials from your Partner Dashboard

You can create a public application from your .

To create an app:

  1. Once you are ShopBase's partner, and you own a store, you could see Manage public apps from your profile menu. Click Manage public apps to go to your Partner Dashboard.

  2. From your Partner Dashboard, click Apps > Create app.

  3. Provide an app name and URL where you will place authentication url of your app.

  4. Click Create app. You are directed to your app's overview page, where you can view the API key and API secret that you will need for OAuth.

Manage Access From App to ShopBase

The Access Token is the primary method for your application to authenticate with the ShopBase system. To enhance connection security and reduce potential risks, we have implemented additional security layers.

Starting from May 21, 2025, 100% of API requests to ShopBase must comply with the following security layers:

  • Mandatory Layer: Token Secret

  • Optional Layer: Whitelisted IPs

Token Secret

The Token Secret is a confidential string that must be included in every request from your application to ShopBase. It must be passed in the HTTP header named X-ShopBase-Token-Secret .

To generate a Token Secret, go to Access Control >> Generate new secret.

After clicking Generate, a new Secret will be created and displayed immediately. For security reasons, you must store it yourself — just like how you would store a password. We will permanently hide the secret right after you click Close.

You can create and manage up to 3 Token Secrets at the same time. The Switch button allows you to enable or disable the active status of each secret individually, and the Delete button will permanently remove it.

Whitelisted IPs

Whitelisted IP is an advanced security layer that allows you to configure specific IP addresses or IP ranges permitted to send requests from your application to ShopBase. This layer is not mandatory; however, we recommend using it to restrict access to trusted sources.

Note: Changes made in the Access Control section are not applied immediately. They will be synchronized with the system within up to 15 minutes.

Make authenticated requests

Public apps authenticate to ShopBase by providing the X-ShopBase-Access-Token header field in each HTTP request to the ShopBase API. This access token is obtained through an OAuth handshake. To learn more about how OAuth works, see .

OAuth
OAuth
Partner Dashboard
Create public app screen
Generate new secret
Copy new secret
Manage list secret