Authentication
Storelayer uses two authentication methods depending on the context:
API Key Authentication
Section titled “API Key Authentication”Use API keys for server-to-server communication. API keys are passed via the Authorization header.
curl -X GET https://api.storelayer.io/v1/customers \ -H "Authorization: Bearer YOUR_API_KEY"Key Types
Section titled “Key Types”| Type | Prefix | Usage |
|---|---|---|
| Live | sk_live_ | Production API calls |
| Test | sk_test_ | Development and testing |
Creating API Keys
Section titled “Creating API Keys”- Go to your project Settings → API Keys
- Click Create API Key
- Give it a descriptive name
- Copy the key — it won’t be shown again
JWT Authentication
Section titled “JWT Authentication”Use JWT tokens for user-facing applications. JWTs are issued after a user authenticates through the dashboard.
Token Lifecycle
Section titled “Token Lifecycle”- Access tokens expire after 1 hour
- Refresh tokens expire after 7 days
- Use the refresh token to obtain new access tokens
Ingest API Authentication
Section titled “Ingest API Authentication”For the event ingestion endpoint (/ingest/*), use API key authentication with the X-API-Key header:
curl -X POST https://api.storelayer.io/ingest/events \ -H "X-API-Key: YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{"event": "purchase", "customerId": "cust_123", "amount": 4999}'Rate Limits
Section titled “Rate Limits”| Plan | Requests/min | Burst |
|---|---|---|
| Free | 60 | 10 |
| Pro | 600 | 100 |
| Enterprise | Custom | Custom |