Overview
Authentication
Get and use API keys.
Getting an API key
- Open the API keys page in your dashboard
- Click Create API Key
- Copy the key immediately - it won't be shown again
These are publishable keys, prefixed pk_. They are safe to embed in browser or mobile client code: they cover your public storefront data and the client-side actions a shopper performs, such as creating a cart. A publishable key cannot read private data or make administrative changes to your store, like editing products, settings, or orders.
Using your API key
Include the key in the Authorization header:
curl https://admin.getaeolian.com/api/v1/products \
  -H "Authorization: Bearer pk_your_api_key"
Each key is scoped to a single store - you don't need to specify a store ID in requests.
Calling from the browser
The API sends permissive CORS headers, so you can call it directly from storefront frontend code as well as from your server. Browsers send a preflight OPTIONS request automatically and no extra setup is needed.
Pausing keys
You can pause an API key from the dashboard without deleting it. Paused keys are rejected during authentication - requests will return a 401 with Invalid API key.
This is useful for temporarily disabling access (e.g., during maintenance or if you suspect a leak) while keeping the option to re-enable later.
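The browser call and the paused-key behaviour described above, as an added example that is not part of the original documentation. The function names, the injectable fetchImpl parameter and the assumption that a successful response body is JSON are illustrative; the URL and header format come from the curl command on this page.

```javascript
// Added example, not the vendor's code. Base URL taken from the curl command above.
const API_BASE = "https://admin.getaeolian.com/api/v1";

// Build a storefront request. Anything that is not a pk_-prefixed publishable
// key is refused, so a different credential never ends up in client-side code.
function buildRequest(path, apiKey) {
  if (typeof apiKey !== "string" || !/^pk_\S+$/.test(apiKey)) {
    throw new Error("expected a publishable key (pk_ prefix)");
  }
  return {
    url: API_BASE + path,
    init: { method: "GET", headers: { Authorization: "Bearer " + apiKey } },
  };
}

// Map an HTTP status to an outcome. A paused key is rejected at authentication
// with the same 401 as an unknown key, so the client cannot tell them apart
// and should stop rather than retry.
function classifyStatus(status) {
  if (status >= 200 && status < 300) return "ok";
  if (status === 401) return "key_rejected";
  return "error";
}

// fetchImpl is injectable so the function can be exercised offline;
// in a browser it defaults to the global fetch.
async function listProducts(apiKey, fetchImpl = fetch) {
  const { url, init } = buildRequest("/products", apiKey);
  const res = await fetchImpl(url, init);
  const outcome = classifyStatus(res.status);
  if (outcome === "ok") {
    // Assumption: successful responses carry a JSON body.
    return { outcome, products: await res.json() };
  }
  return { outcome, status: res.status };
}
```

A "key_rejected" outcome is the signal to check whether the key was paused in the dashboard.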