Public apps
A public ShopBase app can interact with the ShopBase API on behalf of multiple stores.
To authenticate with ShopBase using a public app, you'll need to generate the credentials from your Partner Dashboard and then use them to implement .
You can create a public application from your .
To create an app:
Once you are a ShopBase partner and own a store, you can see Manage public apps in your profile menu. Click Manage public apps to go to your Partner Dashboard.
From your Partner Dashboard, click Apps > Create app.
Provide an app name and the URL where you will place your app's authentication URL.
Click Create app. You are directed to your app's overview page, where you can view the API key and API secret that you will need for OAuth.
The Access Token is the primary method for your application to authenticate with the ShopBase system. To enhance connection security and reduce potential risks, we have implemented additional security layers.
Starting from May 21, 2025, 100% of API requests to ShopBase must comply with the following security layers:
Mandatory Layer: Token Secret
Optional Layer: Whitelisted IPs
The Token Secret is a confidential string that must be included in every request from your application to ShopBase. It must be passed in the HTTP header named X-ShopBase-Token-Secret.
To generate a Token Secret, go to Access Control >> Generate new secret.
After clicking Generate, a new Secret will be created and displayed immediately. For security reasons, you must store it yourself — just like how you would store a password. We will permanently hide the secret right after you click Close.
You can create and manage up to 3 Token Secrets at the same time. The Switch button allows you to enable or disable the active status of each secret individually, and the Delete button will permanently remove it.
Whitelisted IP is an advanced security layer that allows you to configure specific IP addresses or IP ranges permitted to send requests from your application to ShopBase. This layer is not mandatory; however, we recommend using it to restrict access to trusted sources.
Note: Changes made in the Access Control section are not applied immediately. They can take up to 15 minutes to synchronize with the system.
Public apps authenticate to ShopBase by providing the X-ShopBase-Access-Token header field in each HTTP request to the ShopBase API. This access token is obtained through an OAuth handshake. To learn more about how OAuth works, see .
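The following is an added example, not ShopBase's own code: a Python helper that attaches both the X-ShopBase-Access-Token and X-ShopBase-Token-Secret headers to a request, refuses to attach them to a non-HTTPS URL, and masks them before anything is logged. The environment variable names, the function names and the `shop.example` URL are assumptions made for illustration.

```python
import os
import urllib.request
from urllib.parse import urlsplit

# Header names as given on this page.
ACCESS_TOKEN_HEADER = "X-ShopBase-Access-Token"
TOKEN_SECRET_HEADER = "X-ShopBase-Token-Secret"
SENSITIVE = {ACCESS_TOKEN_HEADER.lower(), TOKEN_SECRET_HEADER.lower()}


def load_credentials(env=os.environ):
    """Read both values from the environment (variable names are assumptions)."""
    token = env.get("SHOPBASE_ACCESS_TOKEN", "").strip()
    secret = env.get("SHOPBASE_TOKEN_SECRET", "").strip()
    if not token or not secret:
        raise RuntimeError("access token and token secret are both required")
    return token, secret


def build_request(url, access_token, token_secret, method="GET"):
    """Return a urllib Request carrying both headers; nothing is sent here."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing to attach credentials to a non-HTTPS URL")
    for value in (access_token, token_secret):
        if not value or any(c in value for c in "\r\n"):
            raise ValueError("credential is empty or contains a line break")
    req = urllib.request.Request(url, method=method)
    # urllib normalises header capitalisation; HTTP header names are case-insensitive.
    req.add_header(ACCESS_TOKEN_HEADER, access_token)
    req.add_header(TOKEN_SECRET_HEADER, token_secret)
    return req


def redacted_headers(req):
    """Headers safe to write to logs: both credential values are masked."""
    return {
        name: "[REDACTED]" if name.lower() in SENSITIVE else value
        for name, value in req.header_items()
    }


if __name__ == "__main__":
    # Constructed values and a placeholder URL; no request is sent.
    demo = build_request("https://shop.example/api/placeholder",
                         "constructed-token", "constructed-secret")
    print(redacted_headers(demo))
```

Pass the returned request to `urllib.request.urlopen` to send it, and log only the output of `redacted_headers`.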