API authentication

Authentication and authorisation

Roqqett's API uses HTTP basic authentication as the main authentication method for all API calls.

To interact with the API, you'll need to create a valid API key and, depending on the HTTP library you're using, replace the password with the token string.

Creating API keys

Unlike other providers, Roqqett lets you create and manage your keys how you want. You can create as many as you need and revoke their access as you wish without the need to involve Roqqett.

1. In the Roqqett portal , go to the API keys area.
2. Click the Create API Key button.
3. Enter a descriptive name.
4. Click Save to confirm.

Make sure you store the API secret string somewhere safe for later use.

You can create a second secret code by clicking Generate in the row of the newly-created API key.

You'll need an API key to use Roqqett because we use this to authenticate your requests. Your headers must include the X-API-KEY header (example below), with the value set to the API secret you created in the Roqqett portal earlier. If you omit to send a valid API key when calling the API, your request(s) will fail and Roqqett will return an error.

curl --request POST
--url https://api.roqqett.com/carts
--header 'X-API-KEY: FpWqs6Ch7C2Vh0BbSTbbAT-BzSMWARhxTXRkDYFdJWzLB'
--header 'Accept: application/json'
--header 'Content-Type: application/json

Rotating secrets (aka rolling keys)

If you lose a secret or it becomes compromised, you can easily rotate (roll) your API keys' secrets.

1. In the Roqqett portal , go to the API keys area.
2. Click ... > Rotate Secrets on the row of the API key that you want to update.
3. Click Rotate next to the API secret that you need to rotate.
4. Update the API secret in your live codebase.