API authentication

API authentication

Authentication and authorisation

Roqqett's API uses HTTP basic authentication as the main authentication method for all API calls.

To interact with the API, you'll need to create a valid API key and, depending on the HTTP library you're using, replace the password with the token string.

Production environment only

Currently there is no test environment for the API, so please exercise care when testing.

Creating API keys

Unlike other providers, Roqqett lets you create and manage your keys how you want. You can create as many as you need and revoke their access as you wish without the need to involve Roqqett.

  1. In the Roqqett portal , go to the API keys area.
  2. Click the Create API Key button.
  3. Enter a descriptive name.
  4. Click Save to confirm.

Make sure you store the API secret string somewhere safe for later use.

You can create a second secret code by clicking Generate in the row of the newly-created API key.

You'll need an API key to use Roqqett because we use this to authenticate your requests. Your headers must include the X-API-KEY header (example below), with the value set to the API secret you created in the Roqqett portal earlier. If you omit to send a valid API key when calling the API, your request(s) will fail and Roqqett will return an error.

Keep your API key secrets safe

You must keep your API key secret(s) safe and secure in case you need to recover your API key. Without the secret(s), you won't be unable to recover access. API key secrets should be treated like a password.

Copy
Copied
curl --request POST
--url https://api.roqqett.com/carts
--header 'X-API-KEY: FpWqs6Ch7C2Vh0BbSTbbAT-BzSMWARhxTXRkDYFdJWzLB'
--header 'Accept: application/json'
--header 'Content-Type: application/json

Rotating secrets (aka rolling keys)

If you lose a secret or it becomes compromised, you can easily rotate (roll) your API keys' secrets.

  1. In the Roqqett portal , go to the API keys area.
  2. Click ... > Rotate Secrets on the row of the API key that you want to update.
  3. Click Rotate next to the API secret that you need to rotate.
  4. Update the API secret in your live codebase.
Be careful when rotating secrets

As soon as you rotate your API secret, your existing secret(s) will no longer work.