Getting Started
Markdown
Authentication & API Keys

All requests to Diddo’s REST API must include an API key. Keys are unique to your account and used to track usage, enforce rate limits, and secure access to your data.


📬 Getting & Using Your API Key

API keys are issued per client and tied to your account. Our self-serve Admin Dashboard for managing keys is currently in beta and will be available soon. Once live, you’ll be able to generate and manage API keys directly. Each API Key can be configured for:

  • Environment: Sandbox or Production
  • Expiration: Optional auto-expiry or manual revocation

Be sure to specify your preferred environment and expiration settings when requesting a key.

💡

In the meantime, contact your integration lead or email support@shopdiddo.com to request a temporary token you can use to retrieve your API Key.


📥 Getting Your API Key

Once you’ve received your temporary token, use it to request your API key from the following POST endpoint. You will only see your API key once. Store it securely, treat it like a password.

shell

Include the following headers:

shell

If successful, the response will return your API key:

json

🔐 Using Your API Key

Your API Key must be included in the Authorization header of every request.

Example:

shell

or with fetch:

javascript

🚫 Unauthorized Requests

If your request is missing a valid API key, you’ll receive a 401 Unauthorized response:

json

🧪 Test vs Production Keys

Use sandbox keys while building or testing your integration. These keys:

  • Simulate real API responses
  • Do not charge customers
  • Do not affect inventory or orders

Use production keys only in live environments.


🧭 What’s Next?

Now that you’re authenticated, you can start exploring endpoints and building your integration.