All requests to Diddo’s REST API must include an API key. Keys are unique to your account and used to track usage, enforce rate limits, and secure access to your data.
📬 Getting & Using Your API Key
API keys are issued per client and tied to your account. Our self-serve Admin Dashboard for managing keys is currently in beta and will be available soon. Once live, you’ll be able to generate and manage API keys directly. Each API Key can be configured for:
- ✅ Environment: Sandbox or Production
- ⏳ Expiration: Optional auto-expiry or manual revocation
Be sure to specify your preferred environment and expiration settings when requesting a key.
💡In the meantime, contact your integration lead or email support@shopdiddo.com to request a temporary token you can use to retrieve your API Key.
📥 Getting Your API Key
Once you’ve received your temporary token, use it to request your API key from the following POST endpoint. You will only see your API key once. Store it securely, treat it like a password.
shellInclude the following headers:
shellIf successful, the response will return your API key:
json🔐 Using Your API Key
Your API Key must be included in the Authorization header of every request.
Example:
shellor with fetch:
javascript🚫 Unauthorized Requests
If your request is missing a valid API key, you’ll receive a 401 Unauthorized response:
json🧪 Test vs Production Keys
Use sandbox keys while building or testing your integration. These keys:
- Simulate real API responses
- Do not charge customers
- Do not affect inventory or orders
Use production keys only in live environments.
🧭 What’s Next?
Now that you’re authenticated, you can start exploring endpoints and building your integration.