Authentication

Learn how to authenticate your requests to the Measura API.

API key authentication

All API requests must include an API key in the Authorization header. API keys are generated through the app settings and must be active and not expired. Each API key is tied to a specific Shopify store.

Authorization: Bearer <api-key>

The API key should be in the format: {keyId}:{secret}

Alternative Authentication

If the Authorization header is not provided, the API will attempt to read the key from form data with the key name key.

Note:

Keep your API key secure and never expose it in client-side code or public repositories.

Generating API keys

API keys can be generated through the Measura app settings in your Shopify admin. Each key consists of:

  • A unique key ID that identifies the API key
  • A secret that must be kept confidential
  • An expiration date (optional, but recommended)

Best Practices

  • Rotate API keys regularly for enhanced security
  • Use different keys for different applications or environments
  • Set expiration dates on keys when possible
  • Never commit API keys to version control

Next steps

Now that you understand authentication, explore the available API endpoints:

View API Endpoints