Authentication
Authenticate Ecommerce Data API requests with an API key.
Authentication
All data endpoints require an active API key and subscription entitlement. Manage keys in API key settings, or go directly to Create API key.
API key header
The recommended method is the X-API-Key header:
X-API-Key: ecom_live_your_keyBearer authentication is also supported:
Authorization: Bearer ecom_live_your_keySend only one authentication method per request.
Key handling
- Keep API keys in server-side secrets or environment variables.
- Do not embed a key in frontend JavaScript, mobile binaries, or public source.
- Use separate keys for development, staging, and production.
- Revoke and replace a key immediately if it may have been exposed.
API keys are scoped to their owning account and current subscription. An
expired, revoked, or unknown key returns 401. A valid key without access to an
endpoint returns 403.
RapidAPI
When an API is consumed through RapidAPI, use the authentication headers shown in the RapidAPI code generator. Ecommerce Data API validates requests forwarded by the marketplace and maps the subscribed marketplace plan to the corresponding service entitlement.