API Authentication

Details on API setting up and managing your keys


Authentication and authorisation

Roqqett's API uses HTTP basic authentication (ignore the Internet Explorer comments) as the main authentication method for all API calls.
To interact with the API, you will need to create a validate API key (see below for instructions) and depending on the HTTP library you are using, replace the password with the token string.


Production environment only

Currently there is not a test environment of the API, so please exercise care when testing.
We are working hard to release a test environment soon, so watch out for comms on developments.

API Keys

To create a new key:

  1. Navigate to API Keys in the Roqqett portal (info / link).
  2. Click the create new key form and enter a name.
  3. Store the API secret string somewhere safe for later use.

You can create a second Secret code using the Generate button in the row of the newly created API key.

You will need an API key to use Roqqett as it is the key that we use to authenticate your requests. Your headers must include the X-API-KEY header (example below), with the value set to the API secret you created in the Roqqett portal (info / link) earlier. If you omit to send a valid API key when calling the API, your request(s) will fail and Roqqett will return an error.

Roqqett, unlike other providers, lets you create and manage your keys how you want. You can create as many as you need and revoke their access as you wish without the need to involve Roqqett.


Keep your API key's secret safe

Warning: You must keep your API key's secret(s) safe and secure in case you need to recover your API key. Without the secret(s) you will be unable to recover access. API key secrets should be treated like a password.

curl --request POST \
     --url https://api.roqqett.com/carts \
     --header 'X-API-KEY: FpWqs6Ch7C2Vh0BbSTbbAT-BzSMWARhxTXRkDYFdJWzLB' \
     --header 'Accept: application/json' \
     --header 'Content-Type: application/json'

Rotating Secrets (aka Rolling Keys)

If you lose a secret or it becomes compromised, it is easy to rotate your API keys' secrets through the Roqqett portal (info / link).

To rotate your secrets:

  1. Navigate to API Keys page.
  2. Click the 'Rotate Secrets' button on the row of the API key being updated.
  3. Click 'Rotate' next to the API secret that you need to rotate (aka roll).
  4. Update the API secret in your live codebase.


Be careful when rotating secrets

Warning: As soon as you rotate your API secret your existing key's secret(s) will no longer work.

Any questions? Ask us via chat here (bottom right) or on our help center.