Ordergroove has built out support for using an API key authentication based on feedback from our merchants and partners. Ordergroove’s APIs have traditionally been authenticated via an HMAC signature sent in the header with your API requests.
With the new token authentication, we've made it easier and faster to build on the platform. There's no need to reach out to Ordergroove to get your authentication, just generate and go.
- Do not store or expose the API Key on the client side. If you want to make the API calls from the front end, you will have to create a proxy endpoint in your backend to make those calls. Exposing the key on the front end will give broad access to your data to malicious actors.
- The current version does not have a way to set permissions for each individual key that is granted to you. Therefore, please only provide API keys to users that you trust.
Generating an API key
You can generate your API key right from your Ordergroove Admin Dashboard.
- Log into Ordergroove.
- Open up the Profile Icon on the top right, select Developers and API Keys.
- Sign our Terms of Service for the API token.
- The API key will populate, and you're set. Share it with your engineers and developers.
- Send an “X-API-Key” header with the token when making a request to our endpoints.
Which endpoints use the new authentication?
The new API token authentication has full access to the APIs listed below. The categories correspond to our API Reference.
- Offer Profiles
- One Time Incentives
- Anticipate AI